Vulnerabilities > CVE-2021-23895 - Deserialization of Untrusted Data vulnerability in Mcafee Database Security 4.6.6/4.8.0
Attack vector
ADJACENT_NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent to the DBSec server.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |