McAfee Database Security

Do you want an email whenever new security vulnerabilities are reported in McAfee Database Security?

By the Year

In 2023 there have been 0 vulnerabilities in McAfee Database Security . Database Security did not have any published security vulnerabilities last year.

Year	Vulnerabilities	Average Score
2023	0	0.00
2022	0	0.00
2021	5	7.34
2020	1	6.30
2019	1	6.80
2018	0	0.00

It may take a day or so for new Database Security vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent McAfee Database Security Security Vulnerabilities

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in McAfee Database Security (DBSec) prior to 4.8.2

CVE-2021-31830 4.8 - Medium - June 03, 2021

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to embed JavaScript code when configuring the name of a database to be monitored. This would be triggered when any authorized user logs into the DBSec interface and opens the properties configuration page for this database.

XSS

Incorrect access to deleted scripts vulnerability in McAfee Database Security (DBSec) prior to 4.8.2

CVE-2021-31831 8.8 - High - June 03, 2021

Incorrect access to deleted scripts vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to gain access to signed SQL scripts which have been marked as deleted or expired within the administrative console. This access was only available through the REST API.

Files or Directories Accessible to External Parties

Cleartext Transmission of Sensitive Information vulnerability in the administrator interface of McAfee Database Security (DBSec) prior to 4.8.2

CVE-2021-23896 4.5 - Medium - June 02, 2021

Cleartext Transmission of Sensitive Information vulnerability in the administrator interface of McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to view the unencrypted password of the McAfee Insights Server used to pass data to the Insights Server. This user is restricted to only have access to DBSec data in the Insights Server.

Cleartext Transmission of Sensitive Information

Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2

CVE-2021-23895 8.8 - High - June 02, 2021

Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent to the DBSec server.

Marshaling, Unmarshaling

Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2

CVE-2021-23894 9.8 - Critical - June 02, 2021

Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote unauthenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent to the DBSec server.

Marshaling, Unmarshaling

Use of a Broken or Risky Cryptographic Algorithm vulnerability in McAfee Database Security Server and Sensor prior to 4.8.0 in the form of a SHA1 signed certificate

CVE-2020-7339 6.3 - Medium - December 10, 2020

Use of a Broken or Risky Cryptographic Algorithm vulnerability in McAfee Database Security Server and Sensor prior to 4.8.0 in the form of a SHA1 signed certificate that would allow an attacker on the same local network to potentially intercept communication between the Server and Sensors.

Use of a Broken or Risky Cryptographic Algorithm

Data Leakage Attacks vulnerability in the web interface in McAfee Database Security prior to the 4.6.6 March 2019 update

CVE-2019-3615 6.8 - Medium - March 12, 2019

Data Leakage Attacks vulnerability in the web interface in McAfee Database Security prior to the 4.6.6 March 2019 update allows local users to expose passwords via incorrectly auto completing password fields in the admin browser login screen.

Information Disclosure

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for McAfee Database Security or by McAfee? Click the Watch button to subscribe.

McAfee
Vendor

McAfee Database Security
Product

McAfee Database Security

By the Year

Recent McAfee Database Security Security Vulnerabilities

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 CVE-2021-31830 4.8 - Medium - June 03, 2021

Incorrect access to deleted scripts vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 CVE-2021-31831 8.8 - High - June 03, 2021

Cleartext Transmission of Sensitive Information vulnerability in the administrator interface of McAfee Database Security (DBSec) prior to 4.8.2 CVE-2021-23896 4.5 - Medium - June 02, 2021

Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 CVE-2021-23895 8.8 - High - June 02, 2021

Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 CVE-2021-23894 9.8 - Critical - June 02, 2021

Use of a Broken or Risky Cryptographic Algorithm vulnerability in McAfee Database Security Server and Sensor prior to 4.8.0 in the form of a SHA1 signed certificate CVE-2020-7339 6.3 - Medium - December 10, 2020

Data Leakage Attacks vulnerability in the web interface in McAfee Database Security prior to the 4.6.6 March 2019 update CVE-2019-3615 6.8 - Medium - March 12, 2019