Intrusion Prevention

McAfee.ePolicy.Orchestrator.UID.Multiple.SQL.Injection

Description

This indicates an attack attempt to exploit a SQL Command Injection vulnerability in McAfee ePolicy Orchestrator.
The vulnerability is due to an insufficient input validation error when vulnerable software parses crafted HTTP requests. A remote attacker may be able to exploit this to execute arbitrary code execution within the context of the System, via a crafted HTTP request.

Affected Products

McAfee ePolicy Orchestrator 4.6.6 and prior

Impact

System Compromise: Remote attackers can add, view, delete or modify data in the database of the affected application

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://kc.mcafee.com/corporate/index?page=content&id=KB78824

CVE References

CVE-2013-4882