Incorrect access to deleted scripts vulnerability in McAfee DBSec
CVE-2021-31831

4.9MEDIUM

Key Information:

Vendor: Mcafee,llc
Status: Mcafee Database Security (dbsec)
Vendor: CVE Published:; 3 June 2021

What is CVE-2021-31831?

Incorrect access to deleted scripts vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to gain access to signed SQL scripts which have been marked as deleted or expired within the administrative console. This access was only available through the REST API.

Affected Version(s)

McAfee Database Security (DBSec) < 4.8.2

References

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 3, 2021
Vulnerability Reserved
Apr 27, 2021

Mcafee,llc

What is CVE-2021-31831?

Affected Version(s)

References

CVSS V3.1

Timeline