CVE-2021-31831: Incorrect access to deleted scripts vulnerability in McAfee DBSec
First published: Thu Jun 03 2021(Updated: )
Incorrect access to deleted scripts vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to gain access to signed SQL scripts which have been marked as deleted or expired within the administrative console. This access was only available through the REST API.
Credit: psirt@mcafee.com trellixpsirt@trellix.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| McAfee Database Security | <4.8.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2021-31831?
CVE-2021-31831 is a vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 that allows a remote attacker to gain access to signed SQL scripts marked as deleted or expired.
How severe is CVE-2021-31831?
CVE-2021-31831 has a severity rating of 8.8, which is considered high.
How can I fix CVE-2021-31831?
To fix CVE-2021-31831, users should update to version 4.8.2 or higher of McAfee Database Security (DBSec).
Where can I find more information about CVE-2021-31831?
You can find more information about CVE-2021-31831 on the McAfee support website: https://kc.mcafee.com/corporate/index?page=content&id=SB10359
What is the CWE-ID of CVE-2021-31831?
The CWE-ID of CVE-2021-31831 is 552.
- collector/nvd-index
- collector/nvd-api
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/weakness
- agent/severity
- agent/references
- agent/last-modified-date
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/mcafee
- canonical/mcafee database security