CVE-2022-0859

MEDIUM Year: 2022
CVSS v3 Score
6.7
Medium
CVSS v2 Score
4.4
Medium
Weakness Type
CWE-522
View all →

Vulnerability Description

McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a local attacker to point an ePO server to an arbitrary SQL server during the restoration of the ePO server. To achieve this the attacker would have to be logged onto the server hosting the ePO server (restricted to administrators) and to know the SQL server password.

Related Vulnerabilities

CVE-2016-9360

MEDIUM
CVSS:6.7(Medium)

An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Versio...

CWE-5222016

CVE-2017-5704

MEDIUM
CVSS:6.7(Medium)

Platform sample code firmware included with 4th Gen Intel Core Processor, 5th Gen Intel Core Processor, 6th Gen Intel Core Processor, and 7th Gen Intel Core Processor potentially exposes password info...

CWE-5222017

CVE-2017-9969

MEDIUM
CVSS:6.7(Medium)

An information disclosure vulnerability exists in Schneider Electric's IGSS Mobile application version 3.01 and prior. Passwords are stored in clear text in the configuration which can result in expos...

CWE-5222017

CVE-2018-12260

MEDIUM
CVSS:6.7(Medium)

An issue was discovered on Momentum Axel 720P 5.1.8 devices. The root password can be obtained in cleartext by issuing the command 'showKey' from the root CLI. This password may be the same on all dev...

CWE-5222018

CVE-2019-10210

MEDIUM
CVSS:6.7(Medium)

Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via superuser writing password to unprotected temporary file.

CWE-5222019

CVE-2023-50770

MEDIUM
CVSS:6.7(Medium)

Jenkins OpenId Connect Authentication Plugin 2.6 and earlier stores a password of a local user account used as an anti-lockout feature in a recoverable format, allowing attackers with access to the Je...

CWE-5222023