Intrusion Prevention



This indicates an attack attempt to exploit a SQL Command Injection vulnerability in McAfee ePolicy Orchestrator.
The vulnerability is due to an insufficient input validation error when vulnerable software parses crafted HTTP requests. A remote attacker may be able to exploit this to execute arbitrary code execution within the context of the System, via a crafted HTTP request.

Affected Products

McAfee ePolicy Orchestrator 4.6.6 and prior


System Compromise: Remote attackers can add, view, delete or modify data in the database of the affected application

Recommended Actions

Apply the most recent upgrade or patch from the vendor.

CVE References