Mcafee Database Security (Dbsec)
Approved changes feed: RSS · Atom
cpe:2.3:a:mcafee,llc:mcafee_database_security_(dbsec):*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Mcafee,Llc (a07eec98-d34c-5045-9a0e-859fd3b6002d) |
|---|---|
| Product | Mcafee Database Security (Dbsec) (8f57b22b-e755-58ea-8bfc-1acc2f28f4f5) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2021-31850 |
vulnerable | 2026-06-03 14:44:33.628172 |
Denial of Service in Database Security on Windows
MEDIUM (6.1)
A denial-of-service vulnerability in Database Security (DBS) prior to 4.8.4 allows a remote authenticated administrator to trigger a denial-of-service attack against the DBS server. The configuration of Archiving through the User interface incorrectly allowed the creation of directories and files in Windows system directories and other locations where sensitive data could be overwritten. The former could lead to a DoS, whilst the latter could lead to data destruction on the DBS server.
Published: 2021-12-08T11:00:13.000Z
Updated: 2024-08-03T23:10:30.698Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-31831 |
vulnerable | 2026-06-03 14:44:33.591110 |
Incorrect access to deleted scripts vulnerability in McAfee DBSec
MEDIUM (4.9)
Incorrect access to deleted scripts vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to gain access to signed SQL scripts which have been marked as deleted or expired within the administrative console. This access was only available through the REST API.
Published: 2021-06-03T10:10:11.000Z
Updated: 2024-08-03T23:10:30.869Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-31830 |
vulnerable | 2026-06-03 14:44:33.590117 |
Cross site Scripting (XSS) vulnerability in McAfee DBSec
MEDIUM (5.9)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to embed JavaScript code when configuring the name of a database to be monitored. This would be triggered when any authorized user logs into the DBSec interface and opens the properties configuration page for this database.
Published: 2021-06-03T10:10:16.000Z
Updated: 2024-08-03T23:10:30.698Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-23896 |
vulnerable | 2026-06-03 14:43:55.854093 |
Cleartext Transmission of Sensitive Information in McAfee DBSec
LOW (3.2)
Cleartext Transmission of Sensitive Information vulnerability in the administrator interface of McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to view the unencrypted password of the McAfee Insights Server used to pass data to the Insights Server. This user is restricted to only have access to DBSec data in the Insights Server.
Published: 2021-06-02T13:10:15.000Z
Updated: 2024-08-03T19:14:09.467Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-23895 |
vulnerable | 2026-06-03 14:43:55.853749 |
Authorized deserialization of untrusted data in McAfee DBSec
CRITICAL (9)
Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent to the DBSec server.
Published: 2021-06-02T13:05:20.000Z
Updated: 2024-08-03T19:14:09.408Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-23894 |
vulnerable | 2026-06-03 14:43:55.852747 |
Unauthorized deserialization of untrusted data in McAfee DBSec
CRITICAL (9.6)
Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote unauthenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent to the DBSec server.
Published: 2021-06-02T13:05:15.000Z
Updated: 2024-08-03T19:14:09.394Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.