CyberSec.Space Logo
CVEブラウザに戻る

CVE-2016-8027

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1730%
EPSS Percentile19.26th
Published2017年3月14日
Last Modified2026年5月13日

Vulnerability Description

SQL injection vulnerability in core services in Intel Security McAfee ePolicy Orchestrator (ePO) 5.3.2 and earlier and 5.1.3 and earlier allows attackers to alter a SQL query, which can result in disclosure of information within the database or impersonation of an agent without authentication via a specially crafted HTTP post.

Affected Platforms (CPE)

📦
Mcafee

Epolicy Orchestrator

>= 5.1.0 and <= 5.1.3
📦
Mcafee

Epolicy Orchestrator

>= 5.3.0 and <= 5.3.2

References & Advisories

🔗 http://www.securityfocus.com/bid/95981
🔗 http://www.securitytracker.com/id/1037777
🔗 https://kc.mcafee.com/corporate/index?page=content&id=SB10187
🔗 http://www.securityfocus.com/bid/95981
🔗 http://www.securitytracker.com/id/1037777
🔗 https://kc.mcafee.com/corporate/index?page=content&id=SB10187

関連する脆弱性情報

CVE-2006-515610.0

Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ProtectionPilot before 1.1.1.126 allows remote attackers to ex...

CVE-2002-069010.0

Format string vulnerability in McAfee Security ePolicy Orchestrator (ePO) 2.5.1 allows remote attackers to execute arbitrary code ...

CVE-2007-14989.3

Multiple stack-based buffer overflows in the SiteManager.SiteMgr.1 ActiveX control (SiteManager.dll) in the ePO management console...

CVE-2015-87658.3

Intel McAfee ePolicy Orchestrator (ePO) 4.6.9 and earlier, 5.0.x, 5.1.x before 5.1.3 Hotfix 1106041, and 5.3.x before 5.3.1 Hotfix...