Data Loss Prevention (DLP) ePO extension - SQL injection

CVE-2021-31849

8.4HIGH

Key Information

Vendor: Mcafee
Status: Data Loss Prevention (dlp) Epo Extension
Vendor: CVE Published:; 1 November 2021

Summary

SQL injection vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker logged into ePO as an administrator to inject arbitrary SQL into the ePO database through the user management section of the DLP ePO extension.

Affected Version(s)

Data Loss Prevention (DLP) ePO extension < 11.7.100

Data Loss Prevention (DLP) ePO extension < 11.6.400

References

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_MISC

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 1, 2021
Vulnerability Reserved
Apr 27, 2021

Collectors

NVD DatabaseMitre Database