Incorrect access to deleted scripts vulnerability in McAfee DBSec
CVE-2021-31831

4.9MEDIUM

Key Information:

Vendor
Mcafee,llc
Status
Mcafee Database Security (dbsec)
Vendor
CVE Published:
3 June 2021

Summary

Incorrect access to deleted scripts vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to gain access to signed SQL scripts which have been marked as deleted or expired within the administrative console. This access was only available through the REST API.

Affected Version(s)

McAfee Database Security (DBSec) < 4.8.2

References

https://kc.mcafee.com/corporate/index?page=content&id=SB1...
x_refsource_CONFIRM

CVSS V3.1

Score:
4.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2021-31831 : Incorrect access to deleted scripts vulnerability in McAfee DBSec | SecurityVulnerability.io