CyberSec.Space Logo
Back to CVE Browser

CVE-2016-8027

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1730%
EPSS Percentile19.26th
PublishedMar 14, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

SQL injection vulnerability in core services in Intel Security McAfee ePolicy Orchestrator (ePO) 5.3.2 and earlier and 5.1.3 and earlier allows attackers to alter a SQL query, which can result in disclosure of information within the database or impersonation of an agent without authentication via a specially crafted HTTP post.

Affected Platforms (CPE)

πŸ“¦
Mcafee

Epolicy Orchestrator

>= 5.1.0 and <= 5.1.3
πŸ“¦
Mcafee

Epolicy Orchestrator

>= 5.3.0 and <= 5.3.2

References & Advisories

πŸ”— http://www.securityfocus.com/bid/95981
πŸ”— http://www.securitytracker.com/id/1037777
πŸ”— https://kc.mcafee.com/corporate/index?page=content&id=SB10187
πŸ”— http://www.securityfocus.com/bid/95981
πŸ”— http://www.securitytracker.com/id/1037777
πŸ”— https://kc.mcafee.com/corporate/index?page=content&id=SB10187

Related Vulnerabilities

CVE-2006-515610.0

Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ProtectionPilot before 1.1.1.126 allows remote attackers to ex...

CVE-2002-069010.0

Format string vulnerability in McAfee Security ePolicy Orchestrator (ePO) 2.5.1 allows remote attackers to execute arbitrary code ...

CVE-2007-14989.3

Multiple stack-based buffer overflows in the SiteManager.SiteMgr.1 ActiveX control (SiteManager.dll) in the ePO management console...

CVE-2015-87658.3

Intel McAfee ePolicy Orchestrator (ePO) 4.6.9 and earlier, 5.0.x, 5.1.x before 5.1.3 Hotfix 1106041, and 5.3.x before 5.3.1 Hotfix...