CVE-2022-0842

A blind SQL injection vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote authenticated attacker to potentially obtain information from the ePO database. The data obtained is dependent on the privileges the attacker has and to obtain sensitive data the attacker would require administrator privileges.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mcafee:epolicy_orchestrator:*:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_10:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_11:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_12:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_7:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_8:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_9:*:*:*:*:*:*

History

15 Nov 2023, 20:24

Type Values Removed Values Added
CWE CWE-89
References () https://kc.mcafee.com/corporate/index?page=content&id=SB10379 - () https://kc.mcafee.com/corporate/index?page=content&id=SB10379 - Broken Link

07 Nov 2023, 03:41

Type Values Removed Values Added
CWE CWE-89
References (CONFIRM) https://kc.mcafee.com/corporate/index?page=content&id=SB10379 - Vendor Advisory () https://kc.mcafee.com/corporate/index?page=content&id=SB10379 -

Information

Published : 2022-03-23 14:15

Updated : 2024-02-28 19:09


NVD link : CVE-2022-0842

Mitre link : CVE-2022-0842

CVE.ORG link : CVE-2022-0842


JSON object : View

Products Affected

mcafee

  • epolicy_orchestrator
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')