CVE-2022-1258: SQL injection vulnerability in McAfee Agent's ePO extension
First published: Thu Apr 14 2022(Updated: )
A blind SQL injection vulnerability in the ePolicy Orchestrator (ePO) extension of MA prior to 5.7.6 can be exploited by an authenticated administrator on ePO to perform arbitrary SQL queries in the back-end database, potentially leading to command execution on the server.
Credit: psirt@mcafee.com trellixpsirt@trellix.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mcafee Agent | <5.7.6 | |
| McAfee ePolicy Orchestrator |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2022-1258?
CVE-2022-1258 is a blind SQL injection vulnerability in the ePolicy Orchestrator (ePO) extension of McAfee Agent (MA) prior to 5.7.6.
How can the blind SQL injection vulnerability in McAfee Agent (MA) be exploited?
The blind SQL injection vulnerability in McAfee Agent (MA) can be exploited by an authenticated administrator on ePO to perform arbitrary SQL queries in the back-end database, potentially leading to command execution on the server.
What is the severity of CVE-2022-1258?
CVE-2022-1258 has a severity rating of 7.2 (high).
Which versions of McAfee Agent (MA) are affected by CVE-2022-1258?
Versions of McAfee Agent (MA) prior to 5.7.6 are affected by CVE-2022-1258.
How can I fix the blind SQL injection vulnerability in McAfee Agent (MA)?
To fix the blind SQL injection vulnerability, it is recommended to update McAfee Agent (MA) to version 5.7.6 or later.
- collector/nvd-index
- collector/nvd-api
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/title
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/mcafee
- canonical/mcafee agent
- canonical/mcafee epolicy orchestrator