CVE-2021-23895 CRITICAL

CVE-2021-23895: Authorized deserialization of untrusted data in McAfee DBSec

Vendor: McAfee, LLC
Product: McAfee Database Security (DBSec)
Weakness: CWE-502 · Unsafe deserialization
Published: June 2, 2021
Last update: August 3, 2024

CVSS base score

9.0/10
Attack vector: Adjacent
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01 Description

A deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to create a reverse shell with administrator privileges on the DBSec server via a carefully constructed Java serialized object sent to the DBSec server.

Key dates

02 Disclosure timeline

June 2, 2021: CVE published
August 3, 2024: Record updated