SQL Injection Vulnerability in Intel Security McAfee ePolicy Orchestrator (ePO) Allows Unauthorized Database Access and Agent Impersonation

SQL Injection Vulnerability in Intel Security McAfee ePolicy Orchestrator (ePO) Allows Unauthorized Database Access and Agent Impersonation

CVE-2016-8027 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

SQL injection vulnerability in core services in Intel Security McAfee ePolicy Orchestrator (ePO) 5.3.2 and earlier and 5.1.3 and earlier allows attackers to alter a SQL query, which can result in disclosure of information within the database or impersonation of an agent without authentication via a specially crafted HTTP post.

Learn more about our Web Application Penetration Testing UK.