CVE-2013-0140

SQL injection vulnerability in the Agent-Handler component in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to execute arbitrary SQL commands via a crafted request over the Agent-Server communication channel.

Published: May 1, 2013
Updated: Apr 13, 2023
CVE: CVE-2013-0140
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.9
AV:A/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
mcafee / epolicy_orchestrator	2.5.1	2.5.1.x
mcafee / epolicy_orchestrator	4.5.4	4.5.4.x
mcafee / epolicy_orchestrator	3.0	3.0.x
mcafee / epolicy_orchestrator	-	4.5.6.x
mcafee / epolicy_orchestrator	3.0-sp2a	3.0-sp2a.x
mcafee / epolicy_orchestrator	2.5	2.5.x
mcafee / epolicy_orchestrator	4.5.0	4.5.0.x
mcafee / epolicy_orchestrator	4.0	4.0.x
mcafee / epolicy_orchestrator	2.5-sp1	2.5-sp1.x
mcafee / epolicy_orchestrator	3.6.0	3.6.0.x
mcafee / epolicy_orchestrator	4.5.5	4.5.5.x
mcafee / epolicy_orchestrator	3.5.0	3.5.0.x
mcafee / epolicy_orchestrator	2.0	2.0.x
mcafee / epolicy_orchestrator	4.5.3	4.5.3.x
mcafee / epolicy_orchestrator	3.6.1	3.6.1.x
mcafee / epolicy_orchestrator	4.6.0	4.6.0.x
mcafee / epolicy_orchestrator	4.6.5	4.6.5.x
mcafee / epolicy_orchestrator	4.6.3	4.6.3.x
mcafee / epolicy_orchestrator	4.6.2	4.6.2.x
mcafee / epolicy_orchestrator	4.6.4	4.6.4.x
mcafee / epolicy_orchestrator	4.6.1	4.6.1.x

Vulnerability Database

289,697

CVE-2013-0140