6.7

CVE-2022-0859

McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a local attacker to point an ePO server to an arbitrary SQL server during the restoration of the ePO server. To achieve this the attacker would have to be logged onto the server hosting the ePO server (restricted to administrators) and to know the SQL server password.

Data is provided by the National Vulnerability Database (NVD)
McafeeEpolicy Orchestrator Version < 5.10.0
McafeeEpolicy Orchestrator Version5.10.0 Update-
McafeeEpolicy Orchestrator Version5.10.0 Updateupdate_1
McafeeEpolicy Orchestrator Version5.10.0 Updateupdate_10
McafeeEpolicy Orchestrator Version5.10.0 Updateupdate_11
McafeeEpolicy Orchestrator Version5.10.0 Updateupdate_12
McafeeEpolicy Orchestrator Version5.10.0 Updateupdate_2
McafeeEpolicy Orchestrator Version5.10.0 Updateupdate_3
McafeeEpolicy Orchestrator Version5.10.0 Updateupdate_4
McafeeEpolicy Orchestrator Version5.10.0 Updateupdate_5
McafeeEpolicy Orchestrator Version5.10.0 Updateupdate_6
McafeeEpolicy Orchestrator Version5.10.0 Updateupdate_7
McafeeEpolicy Orchestrator Version5.10.0 Updateupdate_8
McafeeEpolicy Orchestrator Version5.10.0 Updateupdate_9
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.04% 0.088
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.7 0.8 5.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 4.4 3.4 6.4
AV:L/AC:M/Au:N/C:P/I:P/A:P
trellixpsirt@trellix.com 6.5 0.6 5.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
CWE-522 Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.