N/A

Multiple SQL injection vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePolicy Orchestrator (ePO) extension for McAfee Agent (MA) 4.5 and 4.6, allow remote authenticated users to execute arbitrary SQL commands via the uid parameter to (1) core/showRegisteredTypeDetails.do and (2) EPOAGENTMETA/DisplayMSAPropsDetail.do, a different vulnerability than CVE-2013-0140.

N/A

N/A

McAfee ePolicy Orchestrator SQL注入漏洞

McAfee ePolicy Orchestrator（ePO）和McAfee Agent（MA）都是美国迈克菲（McAfee）公司的产品。ePO是一套可实现对系统、网络等进行集中管理的安全管理软件。MA是一套可定期从服务器中下载更新、策略、任务等的代理程序。 McAfee ePolicy Orchestrator 4.6.6及之前的版本和ePO扩展for McAfee Agent (MA) 4.5和4.6版本中存在多个SQL注入漏洞。远程经过授权的攻击者可通过向core/showRegisteredTy

N/A

N/A