CVE-2021-23895

Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent to the DBSec server.
Configurations

Configuration 1 (hide)

cpe:2.3:a:mcafee:database_security:*:*:*:*:*:*:*:*

History

15 Nov 2023, 21:17

Type Values Removed Values Added
CVSS v2 : 9.0
v3 : 8.8
v2 : 9.0
v3 : 8.0
CWE CWE-502
References () https://kc.mcafee.com/corporate/index?page=content&id=SB10359 - () https://kc.mcafee.com/corporate/index?page=content&id=SB10359 - Broken Link

07 Nov 2023, 03:31

Type Values Removed Values Added
References (CONFIRM) https://kc.mcafee.com/corporate/index?page=content&id=SB10359 - Vendor Advisory () https://kc.mcafee.com/corporate/index?page=content&id=SB10359 -
CWE CWE-502

Information

Published : 2021-06-02 13:15

Updated : 2024-02-28 18:28


NVD link : CVE-2021-23895

Mitre link : CVE-2021-23895

CVE.ORG link : CVE-2021-23895


JSON object : View

Products Affected

mcafee

  • database_security
CWE
CWE-502

Deserialization of Untrusted Data