12 matches found
CVE-2021-31830
CVE-2021-31830 affects McAfee Database Security (DBSec) prior to 4.8.2. The issue is an XSS vulnerability caused by improper neutralization of input in the web page generation when an administrator configures the name of a database to monitor. Triggering condition: when any authorized user logs i...
CVE-2021-31831
CVE-2021-31831 concerns McAfee Database Security (DBSec) prior to 4.8.2. Affected component: REST API access to signed SQL scripts marked as deleted/expired in the administrative console. Root cause: incorrect access control allowing a remote authenticated attacker to gain access to these scripts...
CVE-2021-23896
Cleartext Transmission of Sensitive Information vulnerability in the administrator interface of McAfee Database Security DBSec prior to 4.8.2 allows an administrator to view the unencrypted password of the McAfee Insights Server used to pass data to the Insights Server. This user is restricted to...
Design/Logic Flaw
Cleartext Transmission of Sensitive Information vulnerability in the administrator interface of McAfee Database Security DBSec prior to 4.8.2 allows an administrator to view the unencrypted password of the McAfee Insights Server used to pass data to the Insights Server. This user is restricted to...
CVE-2021-23895
Deserialization of untrusted data vulnerability in McAfee Database Security DBSec prior to 4.8.2 allows a remote authenticated attacker to create a reverse shell with administrator privileges on the DBSec server via a carefully constructed Java serialized object sent to the DBSec server...
CVE-2021-23894
Deserialization of untrusted data vulnerability in McAfee Database Security DBSec prior to 4.8.2 allows a remote unauthenticated attacker to create a reverse shell with administrator privileges on the DBSec server via a carefully constructed Java serialized object sent to the DBSec server...
Deserialization of untrusted data
Deserialization of untrusted data vulnerability in McAfee Database Security DBSec prior to 4.8.2 allows a remote unauthenticated attacker to create a reverse shell with administrator privileges on the DBSec server via a carefully constructed Java serialized object sent to the DBSec server...
Deserialization of untrusted data
Deserialization of untrusted data vulnerability in McAfee Database Security DBSec prior to 4.8.2 allows a remote authenticated attacker to create a reverse shell with administrator privileges on the DBSec server via a carefully constructed Java serialized object sent to the DBSec server...
CVE-2021-23896
CVE-2021-23896 involves the McAfee Database Security (DBSec) administrator interface prior to version 4.8.2, where a cleartext transmission of sensitive information allows an administrator to view the unencrypted password used by the McAfee Insights Server to pass data to the Insights Server. Aff...
CVE-2021-23895 Authorized deserialization of untrusted data in McAfee DBSec
Deserialization of untrusted data vulnerability in McAfee Database Security DBSec prior to 4.8.2 allows a remote authenticated attacker to create a reverse shell with administrator privileges on the DBSec server via a carefully constructed Java serialized object sent to the DBSec server...
CVE-2021-23895
CVE-2021-23895 describes a deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2. A remote authenticated attacker can abuse a crafted Java serialized object sent to the DBSec server to spawn a reverse shell with administrator privileges. Affected compo...
CVE-2021-23894
CVE-2021-23894 describes a deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to version 4.8.2. The issue allows a remote unauthenticated attacker to trigger a reverse shell with administrator privileges on the DBSec server by sending a carefully constructed...