CVE-2016-8027

CRITICAL

Intel Security McAfee ePO <5.3.2 & <5.1.3 - SQL Injection

Title source: llm

Description

SQL injection vulnerability in core services in Intel Security McAfee ePolicy Orchestrator (ePO) 5.3.2 and earlier and 5.1.3 and earlier allows attackers to alter a SQL query, which can result in disclosure of information within the database or impersonation of an agent without authentication via a specially crafted HTTP post.

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1037777

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/95981

Vendor Advisory x_refsource_confirm

https://kc.mcafee.com/corporate/index?page=content&id=SB10187

Scores

CVSS v3 10.0

EPSS 0.1263

EPSS Percentile 94.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (2)

mcafee/epolicy_orchestrator 5.1.0 - 5.1.3

n/a/McAfee ePolicy Orchestrator (ePO) 5.3.2 and earlier and 5.1.3 and earlier McAfee ePolicy Orchestrator (ePO) 5.3.2 and earlier and 5.1.3 and earlier

Published Mar 14, 2017

Tracked Since Feb 18, 2026