Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2013-4882

Опубликовано: 22 июл. 2013
Источник: nvd
CVSS2: 6.5
EPSS Низкий

Описание

Multiple SQL injection vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePolicy Orchestrator (ePO) extension for McAfee Agent (MA) 4.5 and 4.6, allow remote authenticated users to execute arbitrary SQL commands via the uid parameter to (1) core/showRegisteredTypeDetails.do and (2) EPOAGENTMETA/DisplayMSAPropsDetail.do, a different vulnerability than CVE-2013-0140.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:mcafee:epolicy_orchestrator:*:*:*:*:*:*:*:*
Версия до 4.6.6 (включая)
cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.0:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.1:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.2:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.3:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.4:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.5:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator_agent:4.5:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator_agent:4.6:*:*:*:*:*:*:*

EPSS

Процентиль: 78%
0.01098
Низкий

6.5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

github логотип

GHSA-r8g4-4j5g-w475

github
больше 3 лет назад

Multiple SQL injection vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePolicy Orchestrator (ePO) extension for McAfee Agent (MA) 4.5 and 4.6, allow remote authenticated users to execute arbitrary SQL commands via the uid parameter to (1) core/showRegisteredTypeDetails.do and (2) EPOAGENTMETA/DisplayMSAPropsDetail.do, a different vulnerability than CVE-2013-0140.

EPSS

Процентиль: 78%
0.01098
Низкий

6.5 Medium

CVSS2

Дефекты

CWE-89