CVE-2013-4882: SQL Injection
First published: Sun Jul 21 2013(Updated: )
Multiple SQL injection vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePolicy Orchestrator (ePO) extension for McAfee Agent (MA) 4.5 and 4.6, allow remote authenticated users to execute arbitrary SQL commands via the uid parameter to (1) core/showRegisteredTypeDetails.do and (2) EPOAGENTMETA/DisplayMSAPropsDetail.do, a different vulnerability than CVE-2013-0140.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| McAfee ePolicy Orchestrator | <=4.6.6 | |
| McAfee ePolicy Orchestrator | =4.6.0 | |
| McAfee ePolicy Orchestrator | =4.6.1 | |
| McAfee ePolicy Orchestrator | =4.6.2 | |
| McAfee ePolicy Orchestrator | =4.6.3 | |
| McAfee ePolicy Orchestrator | =4.6.4 | |
| McAfee ePolicy Orchestrator | =4.6.5 | |
| McAfee ePolicy Orchestrator agent | =4.5 | |
| McAfee ePolicy Orchestrator agent | =4.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/references
- agent/weakness
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/mcafee
- canonical/mcafee epolicy orchestrator
- version/mcafee epolicy orchestrator/4.6.6
- version/mcafee epolicy orchestrator/4.6.0
- version/mcafee epolicy orchestrator/4.6.1
- version/mcafee epolicy orchestrator/4.6.2
- version/mcafee epolicy orchestrator/4.6.3
- version/mcafee epolicy orchestrator/4.6.4
- version/mcafee epolicy orchestrator/4.6.5
- canonical/mcafee epolicy orchestrator agent
- version/mcafee epolicy orchestrator agent/4.5
- version/mcafee epolicy orchestrator agent/4.6