7 matches found
CVE-2020-7339
CVE-2020-7339 affects McAfee Database Security Server and Sensor prior to version 4.8.0. The vulnerability stems from the use of SHA-1 signed certificates, enabling an attacker on the same local network to potentially intercept communication between the Server and Sensors. Publicly available conn...
CVE-2021-23894
CVE-2021-23894 describes a deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to version 4.8.2. The issue allows a remote unauthenticated attacker to trigger a reverse shell with administrator privileges on the DBSec server by sending a carefully constructed...
CVE-2021-23895
CVE-2021-23895 describes a deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2. A remote authenticated attacker can abuse a crafted Java serialized object sent to the DBSec server to spawn a reverse shell with administrator privileges. Affected compo...
CVE-2021-31850
CVE-2021-31850 describes a denial-of-service vulnerability in McAfee Database Security (DBS) before 4.8.4. The issue arises in the archiving functionality exposed through the user interface, where an authenticated remote administrator can trigger a DoS by abusing file operations and path handling. The root cause is improper v...
CVE-2021-31830
CVE-2021-31830 affects McAfee Database Security (DBSec) prior to 4.8.2. The issue is an XSS vulnerability caused by improper neutralization of input during web page generation when an administrator configures the name of a database to monitor. Triggering condition: when any authorized user logs i...
CVE-2021-31831
CVE-2021-31831 concerns McAfee Database Security (DBSec) prior to 4.8.2. Affected component: REST API access to signed SQL scripts marked as deleted/expired in the administrative console. Root cause: incorrect access control allowing a remote authenticated attacker to gain access to these scripts...
CVE-2021-23896
CVE-2021-23896 involves the McAfee Database Security (DBSec) administrator interface prior to version 4.8.2, where cleartext transmission of sensitive information allows an administrator to view the unencrypted McAfee Insights Server password used to pass data to the Insights Server. Aff...