Cleartext Transmission of Sensitive Information in McAfee DBSec
CVE-2021-23896

3.2LOW

Key Information:

Vendor: Mcafee,llc
Status: Mcafee Database Security (dbsec)
Vendor: CVE Published:; 2 June 2021

Summary

Cleartext Transmission of Sensitive Information vulnerability in the administrator interface of McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to view the unencrypted password of the McAfee Insights Server used to pass data to the Insights Server. This user is restricted to only have access to DBSec data in the Insights Server.

Affected Version(s)

McAfee Database Security (DBSec) < 4.8.2

References

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

CVSS V3.1

Score:

3.2

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 2, 2021
Vulnerability Reserved
Jan 12, 2021