Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Database Security Security Vulnerabilities

cve
cve

CVE-2019-3615

Data Leakage Attacks vulnerability in the web interface in McAfee Database Security prior to the 4.6.6 March 2019 update allows local users to expose passwords via incorrectly auto completing password fields in the admin browser login screen.

6.8CVSS

6.5AI Score

0.001EPSS

2019-03-12 10:00 PM
20
cve
cve

CVE-2020-7339

Use of a Broken or Risky Cryptographic Algorithm vulnerability in McAfee Database Security Server and Sensor prior to 4.8.0 in the form of a SHA1 signed certificate that would allow an attacker on the same local network to potentially intercept communication between the Server and Sensors.

6.3CVSS

6.2AI Score

0.001EPSS

2020-12-10 12:15 AM
26
cve
cve

CVE-2021-23894

Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote unauthenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent to the DBSec server.

9.6CVSS

8.6AI Score

0.008EPSS

2021-06-02 01:15 PM
30
2
cve
cve

CVE-2021-23895

Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent to the DBSec server.

9CVSS

7.5AI Score

0.002EPSS

2021-06-02 01:15 PM
20
2
cve
cve

CVE-2021-23896

Cleartext Transmission of Sensitive Information vulnerability in the administrator interface of McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to view the unencrypted password of the McAfee Insights Server used to pass data to the Insights Server. This user is restricted to...

4.5CVSS

4.7AI Score

0.0004EPSS

2021-06-02 02:15 PM
18
cve
cve

CVE-2021-31830

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to embed JavaScript code when configuring the name of a database to be monitored. This would be triggered when any authorized...

5.9CVSS

5.1AI Score

0.001EPSS

2021-06-03 11:15 AM
19
4
cve
cve

CVE-2021-31831

Incorrect access to deleted scripts vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to gain access to signed SQL scripts which have been marked as deleted or expired within the administrative console. This access was only available through the...

5.5CVSS

5.9AI Score

0.001EPSS

2021-06-03 10:15 AM
20
4
cve
cve

CVE-2021-31850

A denial-of-service vulnerability in Database Security (DBS) prior to 4.8.4 allows a remote authenticated administrator to trigger a denial-of-service attack against the DBS server. The configuration of Archiving through the User interface incorrectly allowed the creation of directories and files i...

6.1CVSS

5.9AI Score

0.004EPSS

2021-12-08 11:15 AM
20
2