CVE-2021-23895

Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent to the DBSec server.
Configurations

Configuration 1 (hide)

cpe:2.3:a:mcafee:database_security:*:*:*:*:*:*:*:*

History

21 Nov 2024, 05:52

Type Values Removed Values Added
References () https://kc.mcafee.com/corporate/index?page=content&id=SB10359 - Broken Link () https://kc.mcafee.com/corporate/index?page=content&id=SB10359 - Broken Link
CVSS v2 : 9.0
v3 : 8.0
v2 : 9.0
v3 : 9.0

15 Nov 2023, 21:17

Type Values Removed Values Added
CWE CWE-502
References () https://kc.mcafee.com/corporate/index?page=content&id=SB10359 - () https://kc.mcafee.com/corporate/index?page=content&id=SB10359 - Broken Link
CVSS v2 : 9.0
v3 : 8.8
v2 : 9.0
v3 : 8.0

07 Nov 2023, 03:31

Type Values Removed Values Added
CWE CWE-502
References (CONFIRM) https://kc.mcafee.com/corporate/index?page=content&id=SB10359 - Vendor Advisory () https://kc.mcafee.com/corporate/index?page=content&id=SB10359 -

Information

Published : 2021-06-02 13:15

Updated : 2024-11-21 05:52


NVD link : CVE-2021-23895

Mitre link : CVE-2021-23895

CVE.ORG link : CVE-2021-23895


JSON object : View

Products Affected

mcafee

  • database_security
CWE
CWE-502

Deserialization of Untrusted Data