McAfee ePolicy Orchestrator 5.1.x < 5.1.3 HF1167014 / 5.3.x < 5.3.1 HF1179709 / 5.3.x < 5.3.2 HF1167013 Blind SQL Injection (SB10187)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Synopsis :

The remote Windows host is affected by a blind SQL injection

Description :

The remote Windows host is running a version of McAfee ePolicy
Orchestrator 5.1.x prior to 5.1.3 hotfix 1167014, 5.3.x prior to 5.3.1
hotfix 1179709, or 5.3.x prior to 5.3.2 hotfix 1167013. It is,
therefore, affected by a blind SQL injection vulnerability in the
ePolicy Orchestrator (ePO) Core Services component due to a failure to
properly sanitize user-supplied input to unspecified parameters. An
unauthenticated, remote attacker can exploit this vulnerability, via a
specially crafted HTTP POST request, to inject or manipulate SQL
queries, resulting in the disclosure or manipulation of arbitrary

See also :

Solution :

Upgrade to McAfee ePO version 5.1.3 hotfix 1167014 / 5.3.1 hotfix
1179709 / 5.3.2 hotfix 1167013 or later.

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 5.5
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 97352 ()

Bugtraq ID: 95981

CVE ID: CVE-2016-8027

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now