CVE-2021-23894

Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote unauthenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent to the DBSec server.
Configurations

Configuration 1 (hide)

cpe:2.3:a:mcafee:database_security:*:*:*:*:*:*:*:*

History

15 Nov 2023, 18:47

Type Values Removed Values Added
CVSS v2 : 10.0
v3 : 9.8
v2 : 10.0
v3 : 8.8
CWE CWE-502
References () https://kc.mcafee.com/corporate/index?page=content&id=SB10359 - () https://kc.mcafee.com/corporate/index?page=content&id=SB10359 - Broken Link

07 Nov 2023, 03:31

Type Values Removed Values Added
CWE CWE-502
References (CONFIRM) https://kc.mcafee.com/corporate/index?page=content&id=SB10359 - Vendor Advisory () https://kc.mcafee.com/corporate/index?page=content&id=SB10359 -

Information

Published : 2021-06-02 13:15

Updated : 2024-02-28 18:28


NVD link : CVE-2021-23894

Mitre link : CVE-2021-23894

CVE.ORG link : CVE-2021-23894


JSON object : View

Products Affected

mcafee

  • database_security
CWE
CWE-502

Deserialization of Untrusted Data