Vulnerabilities > Mcafee > Database Security

DATE CVE VULNERABILITY TITLE RISK
2021-12-08 CVE-2021-31850 Files or Directories Accessible to External Parties vulnerability in Mcafee Database Security
A denial-of-service vulnerability in Database Security (DBS) prior to 4.8.4 allows a remote authenticated administrator to trigger a denial-of-service attack against the DBS server.
network
low complexity
mcafee CWE-552
6.1
2021-06-03 CVE-2021-31830 Cross-site Scripting vulnerability in Mcafee Database Security 4.6.6/4.8.0
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to embed JavaScript code when configuring the name of a database to be monitored.
network
low complexity
mcafee CWE-79
4.8
2021-06-03 CVE-2021-31831 Files or Directories Accessible to External Parties vulnerability in Mcafee Database Security 4.6.6/4.8.0
Incorrect access to deleted scripts vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to gain access to signed SQL scripts which have been marked as deleted or expired within the administrative console.
low complexity
mcafee CWE-552
5.5
2021-06-02 CVE-2021-23896 Cleartext Transmission of Sensitive Information vulnerability in Mcafee Database Security 4.6.6/4.8.0
Cleartext Transmission of Sensitive Information vulnerability in the administrator interface of McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to view the unencrypted password of the McAfee Insights Server used to pass data to the Insights Server.
low complexity
mcafee CWE-319
4.5
2021-06-02 CVE-2021-23894 Deserialization of Untrusted Data vulnerability in Mcafee Database Security 4.6.6/4.8.0
Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote unauthenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent to the DBSec server.
low complexity
mcafee CWE-502
8.8
2021-06-02 CVE-2021-23895 Deserialization of Untrusted Data vulnerability in Mcafee Database Security 4.6.6/4.8.0
Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent to the DBSec server.
low complexity
mcafee CWE-502
8.0
2020-12-10 CVE-2020-7339 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Mcafee Database Security 4.6.6
Use of a Broken or Risky Cryptographic Algorithm vulnerability in McAfee Database Security Server and Sensor prior to 4.8.0 in the form of a SHA1 signed certificate that would allow an attacker on the same local network to potentially intercept communication between the Server and Sensors.
low complexity
mcafee CWE-327
6.3
2019-03-12 CVE-2019-3615 Information Exposure vulnerability in Mcafee Database Security 4.6.6
Data Leakage Attacks vulnerability in the web interface in McAfee Database Security prior to the 4.6.6 March 2019 update allows local users to expose passwords via incorrectly auto completing password fields in the admin browser login screen.
low complexity
mcafee CWE-200
6.8