← Back to CVEs
CVE-2022-1258
HIGH8.4
Description
A blind SQL injection vulnerability in the ePolicy Orchestrator (ePO) extension of MA prior to 5.7.6 can be exploited by an authenticated administrator on ePO to perform arbitrary SQL queries in the back-end database, potentially leading to command execution on the server.
CVE Details
CVSS v3.1 Score8.4
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredHIGH
User InteractionREQUIRED
Published4/14/2022
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
mcafee:agent
Weaknesses (CWE)
CWE-89CWE-89
References
https://kc.mcafee.com/corporate/index?page=content&id=SB10382(trellixpsirt@trellix.com)
https://kc.mcafee.com/corporate/index?page=content&id=SB10382(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.