Vulnerabilities > Mcafee > Epolicy Orchestrator > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-06-13 CVE-2017-3936 OS Command Injection vulnerability in Mcafee Epolicy Orchestrator
OS Command Injection vulnerability in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, 5.3.1, 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows attackers to run arbitrary OS commands with limited privileges via not sanitizing the user input data before exporting it into a CSV format output.
network
low complexity
mcafee CWE-78
critical
9.8
2017-03-14 CVE-2016-8027 SQL Injection vulnerability in Mcafee Epolicy Orchestrator
SQL injection vulnerability in core services in Intel Security McAfee ePolicy Orchestrator (ePO) 5.3.2 and earlier and 5.1.3 and earlier allows attackers to alter a SQL query, which can result in disclosure of information within the database or impersonation of an agent without authentication via a specially crafted HTTP post.
network
low complexity
mcafee CWE-89
critical
10.0