Deserialization of untrusted data

2021-06-0213:15:00

PRIOn knowledge base

www.prio-n.com

8.6 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.2%

JSON

Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote unauthenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent to the DBSec server.

CPENameOperatorVersion
database_securitylt4.8.2

CPE	Name	Operator	Version
	database_security	lt	4.8.2

References

kc.mcafee.com/corporate/index?page=content&id=SB10359