Unrated severityNVD Advisory· Published Mar 23, 2022· Updated Aug 2, 2024
ePO database restoration vulnerability
CVE-2022-0859
Description
McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a local attacker to point an ePO server to an arbitrary SQL server during the restoration of the ePO server. To achieve this the attacker would have to be logged onto the server hosting the ePO server (restricted to administrators) and to know the SQL server password.
Affected products
2<5.10 Update 13+ 1 more
- (no CPE)range: <5.10 Update 13
- (no CPE)range: unspecified
Patches
Vulnerability mechanics
References
1- kc.mcafee.com/corporate/indexmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.