Description
SQL injection vulnerability in the Agent-Handler component in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to execute arbitrary SQL commands via a crafted request over the Agent-Server communication channel.
Exploits (1)
References (5)
Core 5
Core References
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/209131
Vendor Advisory x_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10042
Various Sources third-party-advisory
x_refsource_cert
http://www.us-cert.gov/ncas/alerts/TA13-193A
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/59500
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Apr/289
Scores
EPSS
0.0381
EPSS Percentile
88.2%
Details
CWE
CWE-89
Status
published
Products (19)
mcafee/epolicy_orchestrator
2.0
mcafee/epolicy_orchestrator
2.5 (2 CPE variants)
mcafee/epolicy_orchestrator
2.5.1
mcafee/epolicy_orchestrator
3.0 (2 CPE variants)
mcafee/epolicy_orchestrator
3.5.0
mcafee/epolicy_orchestrator
3.6.0
mcafee/epolicy_orchestrator
3.6.1
mcafee/epolicy_orchestrator
4.0
mcafee/epolicy_orchestrator
4.5.0
mcafee/epolicy_orchestrator
4.5.3
... and 9 more
Published
May 01, 2013
Tracked Since
Feb 18, 2026