Vulnerabilities > CVE-2021-31850 - Files or Directories Accessible to External Parties vulnerability in Mcafee Database Security

CVSS 6.1 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

mcafee

CWE-552

NVD

Published: 2021-12-08

Updated: 2023-11-07

Summary

A denial-of-service vulnerability in Database Security (DBS) prior to 4.8.4 allows a remote authenticated administrator to trigger a denial-of-service attack against the DBS server. The configuration of Archiving through the User interface incorrectly allowed the creation of directories and files in Windows system directories and other locations where sensitive data could be overwritten. The former could lead to a DoS, whilst the latter could lead to data destruction on the DBS server.

Vulnerable Configurations

Part	Description	Count
Application	Mcafee Mcafee Database Security - Mcafee Database Security 4.6.6 Mcafee Database Security 4.8.0 Mcafee Database Security 4.8.2 Mcafee Database Security 4.8.3	5
OS	Microsoft Microsoft Windows -	1

Common Weakness Enumeration (CWE)

CWE-552 - Files or Directories Accessible to External Parties

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References