Description
SQL injection vulnerability in Data Loss Protection (DLP) ePO extension 11.8.x prior to 11.8.100, 11.7.x prior to 11.7.101, and 11.6.401 allows a remote authenticated attacker to inject unfiltered SQL into the DLP part of the ePO database. This could lead to remote code execution on the ePO server with privilege escalation.
Vulnerable configurations
Configuration 1
Version from 11.7.0 (inclusive) to 11.7.101 (exclusive)
Version from 11.8.0 (inclusive) to 11.8.100 (exclusive)
One of
cpe:2.3:a:mcafee:data_loss_prevention:*:*:*:*:*:epolicy_orchestrator:*:*
cpe:2.3:a:mcafee:data_loss_prevention:*:*:*:*:*:epolicy_orchestrator:*:*
cpe:2.3:a:mcafee:data_loss_prevention:11.6.401:*:*:*:*:epolicy_orchestrator:*:*
EPSS: 0.01212 (Low)
Percentile: 79%
CVSS3: 8.4 High
CVSS3: 7.2 High
CVSS2: 6.5 Medium
Weaknesses
CWE-89
Related vulnerabilities
CVSS3: 7.2
github
about 4 years ago
SQL injection vulnerability in Data Loss Protection (DLP) ePO extension 11.8.x prior to 11.8.100, 11.7.x prior to 11.7.101, and 11.6.401 allows a remote authenticated attacker to inject unfiltered SQL into the DLP part of the ePO database. This could lead to remote code execution on the ePO server with privilege escalation.