VYPR

Database Security

by McAfee

CVEs (7)

  • CVE-2021-23894CriJun 2, 2021
    risk 0.63cvss 9.6epss 0.02

    Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote unauthenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent to the…

  • CVE-2021-23895CriJun 2, 2021
    risk 0.59cvss 9.0epss 0.02

    Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent to the…

  • CVE-2021-31850MedDec 8, 2021
    risk 0.40cvss 6.1epss 0.01

    A denial-of-service vulnerability in Database Security (DBS) prior to 4.8.4 allows a remote authenticated administrator to trigger a denial-of-service attack against the DBS server. The configuration of Archiving through the User interface incorrectly allowed the creation of…

  • CVE-2021-31830MedJun 3, 2021
    risk 0.38cvss 5.9epss 0.01

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to embed JavaScript code when configuring the name of a database to be monitored. This would be triggered…

  • CVE-2019-3615MedMar 12, 2019
    risk 0.34cvss 5.3epss 0.00

    Data Leakage Attacks vulnerability in the web interface in McAfee Database Security prior to the 4.6.6 March 2019 update allows local users to expose passwords via incorrectly auto completing password fields in the admin browser login screen.

  • CVE-2021-31831MedJun 3, 2021
    risk 0.32cvss 4.9epss 0.01

    Incorrect access to deleted scripts vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to gain access to signed SQL scripts which have been marked as deleted or expired within the administrative console. This access was only…

  • CVE-2021-23896LowJun 2, 2021
    risk 0.21cvss 3.2epss 0.00

    Cleartext Transmission of Sensitive Information vulnerability in the administrator interface of McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to view the unencrypted password of the McAfee Insights Server used to pass data to the Insights Server. This…