Blind SQL injection in DLP ePO extension
CVE-2021-4088

8.4HIGH

Key Information:

Vendor: Mcafee,llc
Status: Mcafee Data Loss Prevention (dlp) Epo Extension
Vendor: CVE Published:; 24 January 2022

What is CVE-2021-4088?

SQL injection vulnerability in Data Loss Protection (DLP) ePO extension 11.8.x prior to 11.8.100, 11.7.x prior to 11.7.101, and 11.6.401 allows a remote authenticated attacker to inject unfiltered SQL into the DLP part of the ePO database. This could lead to remote code execution on the ePO server with privilege escalation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

McAfee Data Loss Prevention (DLP) ePO Extension 11.8.x < 11.8.100

McAfee Data Loss Prevention (DLP) ePO Extension 11.7.x < 11.7.101

McAfee Data Loss Prevention (DLP) ePO Extension 11.6.x < 11.6.401

References

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 24, 2022
Vulnerability Reserved
Dec 9, 2021

JSON

Mcafee,llc

What is CVE-2021-4088?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.