cvelist / Trellix / CVELIST:CVE-2021-31850
History: Dec 08, 2021 - 11:00 a.m.

CVE-2021-31850 Denial of Service in Database Security on Windows

2021-12-08 11:00:13
CWE-552
trellix
www.cve.org
7
denial-of-service
database security
windows
remote authenticated administrator
archiving
user interface
windows system directories
sensitive data
data destruction

CVSS3: 6.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H

AI Score: 6.2
Confidence: High

EPSS: 0.006
Percentile: 77.9%

A denial-of-service vulnerability in Database Security (DBS) prior to 4.8.4 allows a remote authenticated administrator to trigger a denial-of-service attack against the DBS server. The configuration of Archiving through the User interface incorrectly allowed the creation of directories and files in Windows system directories and other locations where sensitive data could be overwritten. The former could lead to a DoS, whilst the latter could lead to data destruction on the DBS server.

CNA Affected

[
  {
    "platforms": [
      "Windows"
    ],
    "product": "McAfee Database Security (DBSec)",
    "vendor": "McAfee,LLC",
    "versions": [
      {
        "lessThan": "4.8.4",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

