Description
SQL injection vulnerability in Data Loss Protection (DLP) ePO extension 11.8.x prior to 11.8.100, 11.7.x prior to 11.7.101, and 11.6.401 allows a remote authenticated attacker to inject unfiltered SQL into the DLP part of the ePO database. This could lead to remote code execution on the ePO server with privilege escalation.
CVSS Metrics
- Vector
- CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
- Attack Vector
- network
- Complexity
- low
- Privileges
- high
- User Action
- required
- Scope
- changed
- Confidentiality
- high
- Integrity
- high
- Availability
- high
- Weaknesses
- CWE-89CWE-89
Metadata
- Primary Vendor
- MCAFEE
- Published
- 1/24/2022
- Last Modified
- 11/21/2024
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
mcafee : data_loss_preventionmcafee : data_loss_preventionmcafee : data_loss_prevention
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.