RETIRED: McAfee ePolicy Orchestrator Multiple SQL Injection and Cross Site Scripting Vulnerabilities
McAfee ePolicy Orchestrator is prone to multiple SQL-injection and cross-site scripting vulnerabilities.
Successful exploits could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
McAfee ePolicy Orchestrator 4.6.6 is vulnerable; other versions may also be affected.
This BID is being retired. The following individual records exist to better document the issues:
61421 McAfee ePolicy Orchestrator Multiple SQL Injection Vulnerabilities
61422 McAfee ePolicy Orchestrator Multiple Cross Site Scripting Vulnerabilities