CVE-2022-1258

HIGH

Mcafee Agent < 5.7.6 - SQL Injection

Title source: rule

Description

A blind SQL injection vulnerability in the ePolicy Orchestrator (ePO) extension of MA prior to 5.7.6 can be exploited by an authenticated administrator on ePO to perform arbitrary SQL queries in the back-end database, potentially leading to command execution on the server.

References (1)

[Broken Link] https://kc.mcafee.com/corporate/index?page=content&id=SB10382

Scores

CVSS v3 8.4

EPSS 0.0024

EPSS Percentile 47.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

Classification

CWE

CWE-89

Status published

Affected Products (1)

mcafee/agent < 5.7.6

Timeline

Published Apr 14, 2022

Tracked Since Feb 18, 2026