McAfee ePolicy Orchestrator Multiple SQL Injection Vulnerabilities

McAfee ePolicy Orchestrator is prone to multiple SQL-injection vulnerabilities.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

NOTE: This issue was previously discussed in BID 61145 (McAfee ePolicy Orchestrator Multiple SQL Injection and Cross Site Scripting Vulnerabilities) but has been given its own record to better document it.

McAfee ePolicy Orchestrator 4.6.6 is vulnerable; other versions may also be affected.


Privacy Statement
Copyright 2010, SecurityFocus