CVE-2022-0859: 
McAfee ePolicy Orchestrator vulnerability analysis and mitigation

McAfee Enterprise ePolicy Orchestrator (ePO) prior to version 5.10 Update 13 contains a vulnerability identified as CVE-2022-0859. The vulnerability was discovered and disclosed in March 2022, affecting the ePO server management system. This security issue allows a local attacker with administrative access to redirect an ePO server to an arbitrary SQL server during the restoration process (CVE Mitre).

The vulnerability has been assigned a CVSS v3.1 score with the following metrics: AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H, indicating a high severity rating. The attack requires local access, high privileges, and high attack complexity. For successful exploitation, the attacker must have administrator access to the server hosting the ePO server and knowledge of the SQL server password (NVD).

If successfully exploited, this vulnerability could allow an attacker to redirect the ePO server to an arbitrary SQL server during the restoration process, potentially compromising the confidentiality, integrity, and availability of the system (CVE Mitre).

The vulnerability has been addressed in McAfee Enterprise ePolicy Orchestrator (ePO) version 5.10 Update 13. Organizations using affected versions should upgrade to the patched version to mitigate this security risk (CVE Mitre).