CVE-2021-31831

EPSS 0.32%
Published 03.06.2021 10:15:07
Last modified 21.11.2024 06:06:18
Source trellixpsirt@trellix.com
Teams watchlist Login
Open Login

Incorrect access to deleted scripts vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to gain access to signed SQL scripts which have been marked as deleted or expired within the administrative console. This access was only available through the REST API.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Mcafee ≫ Database Security Version < 4.8.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.32%	0.519

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	2.1	3.4	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P
trellixpsirt@trellix.com	4.9	1.5	3.4	CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

CWE-552 Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

https://kc.mcafee.com/corporate/index?page=content&id=SB10359

Broken Link

https://nvd.nist.gov/vuln/detail/CVE-2021-31831

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-31831

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-31831

EUVD