CVE-2021-23896 LOW

CVE-2021-23896: Cleartext Transmission of Sensitive Information in McAfee DBSec

Vendor Mcafee,Llc
Product McAfee Database Security (DBSec)
Weakness CWE-319 · Cleartext transmission
Published June 2, 2021
Last update August 3, 2024

CVSS base score

3.2/10
Attack vector Adjacent
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

Cleartext Transmission of Sensitive Information vulnerability in the administrator interface of McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to view the unencrypted password of the McAfee Insights Server used to pass data to the Insights Server. This user is restricted to only have access to DBSec data in the Insights Server.

Key dates

02Disclosure timeline

June 2, 2021 CVE published
August 3, 2024 Record updated