A blind SQL injection vulnerability in the ePolicy Orchestrator (ePO) extension of MA prior to 5.7.6 can be exploited by an authenticated administrator on ePO to perform arbitrary SQL queries in the back-end database, potentially leading to command execution on the server.
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:HMcafee Agent
APPMcafee< 5.7.6
Related vulnerabilities
Use After Free in Remote logging (which is disabled by default) in McAfee McAfee Agent (MA) 5.x prior to 5.6.0...
A DLL hijacking vulnerability in the MA Smart Installer for Windows prior to 5.7.7, which allows local users t...
A local privilege escalation vulnerability in MA for Windows prior to 5.7.6 allows a local low privileged user...
A privilege escalation vulnerability in the McAfee Agent prior to 5.7.5. McAfee Agent uses openssl.cnf during ...
A command Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.7.5 allows local users to inject...