Summary
This host is running McAfee ePolicy Orchestrator and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
Solution
Upgrade to McAfee ePolicy Orchestrator version 5.0, 4.6.6, 4.5.7 or later. For updates, refer to http://www.mcafee.com/in/products/epolicy-orchestrator.aspx
Insight
The flaws are due to improper sanitization of user-supplied input passed via the 'uid' parameter to the /EPOAGENTMETA/DisplayMSAPropsDetail.do script, and specifically of directory traversal style input (e.g., ../../).
Affected
McAfee ePolicy Orchestrator (ePO) versions before 4.5.7 and 4.6.x before 4.6.6
Detection
Get the installed version with the help of the detect NVT and check whether the version is vulnerable.
References
Severity
Classification
- CVE: CVE-2013-0140, CVE-2013-0141
- CVSS Base Score: 7.9 (AV:A/AC:M/Au:N/C:C/I:C/A:C)