Cleartext Transmission of Sensitive Information in McAfee DBSec
CVE-2021-23896

3.2LOW

Key Information:

Vendor: Mcafee,llc
Status: Mcafee Database Security (dbsec)
Vendor: CVE Published:; 2 June 2021

What is CVE-2021-23896?

Cleartext Transmission of Sensitive Information vulnerability in the administrator interface of McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to view the unencrypted password of the McAfee Insights Server used to pass data to the Insights Server. This user is restricted to only have access to DBSec data in the Insights Server.

Affected Version(s)

McAfee Database Security (DBSec) < 4.8.2

References

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

CVSS V3.1

Score:

3.2

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 2, 2021
Vulnerability Reserved
Jan 12, 2021

Mcafee,llc

What is CVE-2021-23896?

Affected Version(s)

References

CVSS V3.1

Timeline