Multiple SQL injection vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and previous versions, and the ePolicy Orchestrator (ePO) extension for McAfee Agent (MA) 4.5 and 4.6, allow remote authenticated users to execute arbitrary SQL commands via the uid parameter to (1) core/showRegisteredTypeDetails.do and (2) EPOAGENTMETA/DisplayMSAPropsDetail.do, a different vulnerability than CVE-2013-0140.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mcafee epolicy orchestrator 4.6.5 |
||
mcafee epolicy orchestrator 4.6.4 |
||
mcafee epolicy orchestrator |
||
mcafee epolicy orchestrator agent 4.5 |
||
mcafee epolicy orchestrator 4.6.3 |
||
mcafee epolicy orchestrator 4.6.2 |
||
mcafee epolicy orchestrator agent 4.6 |
||
mcafee epolicy orchestrator 4.6.0 |
||
mcafee epolicy orchestrator 4.6.1 |