CVE-2022-0842

A blind SQL injection vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote authenticated attacker to potentially obtain information from the ePO database. The data obtained is dependent on the privileges the attacker has and to obtain sensitive data the attacker would require administrator privileges.

Published: Mar 23, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-0842
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.9
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
mcafee / epolicy_orchestrator	5.10.0-update_1	5.10.0-update_1.x
mcafee / epolicy_orchestrator	5.10.0-update_2	5.10.0-update_2.x
mcafee / epolicy_orchestrator	5.10.0-update_3	5.10.0-update_3.x
mcafee / epolicy_orchestrator	5.10.0-update_4	5.10.0-update_4.x
mcafee / epolicy_orchestrator	5.10.0-update_5	5.10.0-update_5.x
mcafee / epolicy_orchestrator	5.10.0-update_6	5.10.0-update_6.x
mcafee / epolicy_orchestrator	5.10.0	5.10.0.x
mcafee / epolicy_orchestrator	-	5.10.0
mcafee / epolicy_orchestrator	5.10.0-update_7	5.10.0-update_7.x
mcafee / epolicy_orchestrator	5.10.0-update_8	5.10.0-update_8.x
mcafee / epolicy_orchestrator	5.10.0-update_9	5.10.0-update_9.x
mcafee / epolicy_orchestrator	5.10.0-update_10	5.10.0-update_10.x
mcafee / epolicy_orchestrator	5.10.0-update_11	5.10.0-update_11.x
mcafee / epolicy_orchestrator	5.10.0-update_12	5.10.0-update_12.x

https://kc.mcafee.com/corporate/index?page=content&id=SB10379

Vulnerability Database

289,599

CVE-2022-0842