RETIRED: McAfee ePolicy Orchestrator Multiple SQL Injection and Cross Site Scripting Vulnerabilities

McAfee ePolicy Orchestrator is prone to multiple SQL-injection and cross-site scripting vulnerabilities.

Successful exploits could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

McAfee ePolicy Orchestrator 4.6.6 is vulnerable; other versions may also be affected.

This BID is being retired. The following individual records exist to better document the issues:

61421 McAfee ePolicy Orchestrator Multiple SQL Injection Vulnerabilities
61422 McAfee ePolicy Orchestrator Multiple Cross Site Scripting Vulnerabilities


Privacy Statement
Copyright 2010, SecurityFocus