SQL injection vulnerability in jsp/reports/ReportsAudit.jsp in McAfee Asset Manager 6.6 allows remote authenticated users to execute arbitrary SQL commands via the username of an audit report (aka user parameter).
https://exchange.xforce.ibmcloud.com/vulnerabilities/91929
http://www.securitytracker.com/id/1029927