Title

Multiple Vulnerabilities in McAfee ePolicy Orchestrator (Cat I impact)

Discussion

McAfee has released a security bulletin addressing multiple vulnerabilities in ePolicy Orchestrator. McAfee ePolicy Orchestrator (ePO) supports integration with external registered servers for a variety of purposes, such as data collection and aggregation. To exploit these vulnerabilities, an attacker could submit malicious input data containing properly formatted SQL syntax to the affected application through the affected parameter. If successfully exploited, these vulnerabilities would allow an attacker to cause a denial of service condition, gain unauthorized access, and execute arbitrary code in the context of the affected application.

Check Content

Fix Text

Additional Identifiers

Rule ID:

Vulnerability ID: V-73915

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.