CVE-2022-0842
Summary
| CVE | CVE-2022-0842 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-03-23 14:15:00 UTC |
| Updated | 2023-11-15 20:24:00 UTC |
| Description | A blind SQL injection vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote authenticated attacker to potentially obtain information from the ePO database. The data obtained is dependent on the privileges the attacker has and to obtain sensitive data the attacker would require administrator privileges. |
Risk And Classification
Problem Types: CWE-89
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Mcafee | Epolicy Orchestrator | All | All | All | All |
| Application | Mcafee | Epolicy Orchestrator | 5.10.0 | - | All | All |
| Application | Mcafee | Epolicy Orchestrator | 5.10.0 | update_1 | All | All |
| Application | Mcafee | Epolicy Orchestrator | 5.10.0 | update_10 | All | All |
| Application | Mcafee | Epolicy Orchestrator | 5.10.0 | update_11 | All | All |
| Application | Mcafee | Epolicy Orchestrator | 5.10.0 | update_12 | All | All |
| Application | Mcafee | Epolicy Orchestrator | 5.10.0 | update_2 | All | All |
| Application | Mcafee | Epolicy Orchestrator | 5.10.0 | update_3 | All | All |
| Application | Mcafee | Epolicy Orchestrator | 5.10.0 | update_4 | All | All |
| Application | Mcafee | Epolicy Orchestrator | 5.10.0 | update_5 | All | All |
| Application | Mcafee | Epolicy Orchestrator | 5.10.0 | update_6 | All | All |
| Application | Mcafee | Epolicy Orchestrator | 5.10.0 | update_7 | All | All |
| Application | Mcafee | Epolicy Orchestrator | 5.10.0 | update_8 | All | All |
| Application | Mcafee | Epolicy Orchestrator | 5.10.0 | update_9 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Security Bulletin - ePolicy Orchestrator update addresses multiple product vulnerabilities (CVE-2022-0842, CVE-2022-0857, CVE-2022-0858, CVE-2022-0859, CVE-2022-0861, CVE-2022-0862) and updates Java, Apache HTTP Server, and Tomcat | CONFIRM | kc.mcafee.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.