McAfee ePolicy Orchestrator CVE-2013-0140 SQL Injection Vulnerabilitiy

McAfee ePolicy Orchestrator is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database. Successfully exploiting this issue may lead to remote code-execution; however, it has not been confirmed.

The following versions are vulnerable:

McAfee ePolicy Orchestrator 4.5 through versions 4.5.6 are vulnerable
McAfee ePolicy Orchestrator 4.6 through versions 4.6.5 are vulnerable


Privacy Statement
Copyright 2010, SecurityFocus