Skip to main content

Database Security

8 CVEs product

Monthly

CVE-2021-31850 MEDIUM This Month

A denial-of-service vulnerability in Database Security (DBS) prior to 4.8.4 allows a remote authenticated administrator to trigger a denial-of-service attack against the DBS server. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Path Traversal Information Disclosure Database Security
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-31830 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to embed JavaScript code. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Database Security
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2021-31831 MEDIUM This Month

Incorrect access to deleted scripts vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to gain access to signed SQL scripts which have been marked. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Database Security
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-23896 MEDIUM This Month

Cleartext Transmission of Sensitive Information vulnerability in the administrator interface of McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to view the unencrypted. Rated medium severity (CVSS 4.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Database Security
NVD
CVSS 3.1
4.5
EPSS
0.2%
CVE-2021-23895 HIGH This Week

Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to create a reverse shell with administrator privileges on. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Deserialization Java Database Security
NVD
CVSS 3.1
8.0
EPSS
1.9%
CVE-2021-23894 HIGH This Week

Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote unauthenticated attacker to create a reverse shell with administrator privileges on. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization Java Database Security
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2020-7339 MEDIUM This Month

Use of a Broken or Risky Cryptographic Algorithm vulnerability in McAfee Database Security Server and Sensor prior to 4.8.0 in the form of a SHA1 signed certificate that would allow an attacker on. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Database Security
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2019-3615 MEDIUM This Month

Data Leakage Attacks vulnerability in the web interface in McAfee Database Security prior to the 4.6.6 March 2019 update allows local users to expose passwords via incorrectly auto completing. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Database Security
NVD
CVSS 3.0
6.8
EPSS
0.3%
EPSS 1% CVSS 6.1
MEDIUM This Month

A denial-of-service vulnerability in Database Security (DBS) prior to 4.8.4 allows a remote authenticated administrator to trigger a denial-of-service attack against the DBS server. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Path Traversal Information Disclosure +1
NVD
EPSS 1% CVSS 4.8
MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to embed JavaScript code. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Database Security
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

Incorrect access to deleted scripts vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to gain access to signed SQL scripts which have been marked. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Database Security
NVD
EPSS 0% CVSS 4.5
MEDIUM This Month

Cleartext Transmission of Sensitive Information vulnerability in the administrator interface of McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to view the unencrypted. Rated medium severity (CVSS 4.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Database Security
NVD
EPSS 2% CVSS 8.0
HIGH This Week

Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to create a reverse shell with administrator privileges on. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Deserialization Java Database Security
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote unauthenticated attacker to create a reverse shell with administrator privileges on. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization Java Database Security
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

Use of a Broken or Risky Cryptographic Algorithm vulnerability in McAfee Database Security Server and Sensor prior to 4.8.0 in the form of a SHA1 signed certificate that would allow an attacker on. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Database Security
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Data Leakage Attacks vulnerability in the web interface in McAfee Database Security prior to the 4.6.6 March 2019 update allows local users to expose passwords via incorrectly auto completing. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Database Security
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy