Title

McAfee Agent ePO Extension SQL Injection Vulnerability (Cat II impact)

Discussion

McAfee has released a Security Bulletin to address a vulnerability in the ePO extension for McAfee Agent (MA). McAfee ePolicy Orchestrator is a suite of applications that provides antivirus, antispyware, system firewalls, host IPS, content filtering, and patch management. The McAfee Agent is the client-side component that provides secure communication between McAfee managed products and ePolicy Orchestrator. To exploit this vulnerability an attacker would submit a specially-crafted URL to the affected application. If successfully exploited, this vulnerability would allow an attacker to execute arbitrary code and compromise the affected system.

Check Content

Fix Text

Additional Identifiers

Rule ID:

Vulnerability ID: V-39066

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.