McAfee.ePolicy.Orchestrator.UID.Multiple.SQL.Injection
Description
This indicates an attack attempt to exploit a SQL Command Injection vulnerability in McAfee ePolicy Orchestrator.
The vulnerability is due to an insufficient input validation error when vulnerable software parses crafted HTTP requests. A remote attacker may be able to exploit this to execute arbitrary code execution within the context of the System, via a crafted HTTP request.
Affected Products
McAfee ePolicy Orchestrator 4.6.6 and prior
Impact
System Compromise: Remote attackers can add, view, delete or modify data in the database of the affected application
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://kc.mcafee.com/corporate/index?page=content&id=KB78824
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |