CVE-2021-23894 is a vulnerability in McAfee Database Security
Published on June 2, 2021
Unauthorized deserialization of untrusted data in McAfee DBSec
Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote unauthenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent to the DBSec server.
Vulnerability Analysis
Weakness Type
What is a Marshaling, Unmarshaling Vulnerability?
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
CVE-2021-23894 has been classified to as a Marshaling, Unmarshaling vulnerability or weakness.
Products Associated with CVE-2021-23894
Want to know whenever a new CVE is published for McAfee Database Security? stack.watch will email you.
Affected Versions
McAfee,LLC McAfee Database Security (DBSec):- Version unspecified and below 4.8.2 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.