Vulnerabilities > CVE-2021-31831 - Files or Directories Accessible to External Parties vulnerability in Mcafee Database Security 4.6.6/4.8.0

047910
CVSS 5.5 - MEDIUM
Attack vector
ADJACENT_NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
LOW
low complexity
mcafee
CWE-552

Summary

Incorrect access to deleted scripts vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to gain access to signed SQL scripts which have been marked as deleted or expired within the administrative console. This access was only available through the REST API.

Vulnerable Configurations

Part Description Count
Application
Mcafee
3