CVE-2022-1258
HIGH
McAfee Agent < 5.7.6 - Authenticated Blind SQL Injection via ePO Extension
Title source: llm
Description
A blind SQL injection vulnerability in the ePolicy Orchestrator (ePO) extension of MA prior to 5.7.6 can be exploited by an authenticated administrator on ePO to perform arbitrary SQL queries in the back-end database, potentially leading to command execution on the server.
References (1)
Core References
Broken Link x_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10382
Scores
CVSS v3
8.4
EPSS
0.0024
EPSS Percentile
47.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (1)
mcafee/agent
< 5.7.6
Published
Apr 14, 2022
Tracked Since
Feb 18, 2026