CVE-2022-0842
MEDIUM
McAfee ePolicy Orchestrator < 5.10.0 - Authenticated Blind SQL Injection
Title source: llm
Description
A blind SQL injection vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote authenticated attacker to potentially obtain information from the ePO database. The data obtained is dependent on the privileges the attacker has and to obtain sensitive data the attacker would require administrator privileges.
References (1)
Core References
Broken Link x_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10379
Scores
CVSS v3
5.4
EPSS
0.0016
EPSS Percentile
36.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N
Details
CWE
CWE-89
Status
published
Products (2)
mcafee/epolicy_orchestrator
5.10.0 (13 CPE variants)
mcafee/epolicy_orchestrator
< 5.10.0
Published
Mar 23, 2022
Tracked Since
Feb 18, 2026