CVE-2022-0859

Опубликовано: 23 мар. 2022

Источник: nvd

CVSS3: 6.5

CVSS3: 6.7

CVSS2: 4.4

EPSS Низкий

Описание

McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a local attacker to point an ePO server to an arbitrary SQL server during the restoration of the ePO server. To achieve this the attacker would have to be logged onto the server hosting the ePO server (restricted to administrators) and to know the SQL server password.

Ссылки

https://kc.mcafee.com/corporate/index?page=content&id=SB10379
Broken Link
https://kc.mcafee.com/corporate/index?page=content&id=SB10379
Broken Link

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:mcafee:epolicy_orchestrator:*:*:*:*:*:*:*:*

Версия до 5.10.0 (исключая)

cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*

cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*

cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_10:*:*:*:*:*:*

cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_11:*:*:*:*:*:*

cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_12:*:*:*:*:*:*

cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*

cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*

cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*

cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*

cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*

cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_7:*:*:*:*:*:*

cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_8:*:*:*:*:*:*

cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_9:*:*:*:*:*:*

EPSS

Процентиль: 11%

0.00036

Низкий

6.5 Medium

CVSS3

6.7 Medium

CVSS3

4.4 Medium

CVSS2

Дефекты

CWE-522

Связанные уязвимости

GHSA-9533-g28x-xwf2

CVSS3: 6.4

github

почти 4 года назад

EPSS

Процентиль: 11%

0.00036

Низкий

6.5 Medium

CVSS3

6.7 Medium

CVSS3

4.4 Medium

CVSS2

Дефекты

CWE-522