CVE-2021-31831 MEDIUM

CVE-2021-31831: Incorrect access to deleted scripts vulnerability in McAfee DBSec

Vendor Mcafee,Llc
Product McAfee Database Security (DBSec)
Weakness CWE-552 · Files accessible externally
Published June 3, 2021
Last update August 3, 2024

CVSS base score

4.9/10
Attack vector Adjacent
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

Incorrect access to deleted scripts vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to gain access to signed SQL scripts which have been marked as deleted or expired within the administrative console. This access was only available through the REST API.

Key dates

02Disclosure timeline

June 3, 2021 CVE published
August 3, 2024 Record updated