What is CVE-2021-4088?

CVE-2021-4088 is a SQL injection vulnerability in the Data Loss Protection (DLP) ePO extension.

What is the severity of CVE-2021-4088?

The severity of CVE-2021-4088 is high with a CVSS score of 7.2.

How can I fix CVE-2021-4088?

To fix CVE-2021-4088, update the Data Loss Prevention (DLP) ePO extension to version 11.8.100, 11.7.101, or 11.6.401 depending on the affected version.

Where can I find more information about CVE-2021-4088?

You can find more information about CVE-2021-4088 at the following link: [McAfee Security Bulletin SB10376](https://kc.mcafee.com/corporate/index?page=content&id=SB10376)

Vulnerability/
CVE-2021-4088

high

8.4

CWE

24/1/2022

3/8/2024

CVE-2021-4088: Blind SQL injection in DLP ePO extension

Q: How does CVE-2021-4088 affect the affected software?

CVE-2021-4088 allows a remote authenticated attacker to inject unfiltered SQL into the DLP part of the ePO database, potentially leading to remote code execution on the ePO server.

First published: Mon Jan 24 2022(Updated: )

SQL injection vulnerability in Data Loss Protection (DLP) ePO extension 11.8.x prior to 11.8.100, 11.7.x prior to 11.7.101, and 11.6.401 allows a remote authenticated attacker to inject unfiltered SQL into the DLP part of the ePO database. This could lead to remote code execution on the ePO server with privilege escalation.

Credit: psirt@mcafee.com trellixpsirt@trellix.com

Affected Software	Affected Version	How to fix
Mcafee Data Loss Prevention	>=11.7.0<11.7.101
Mcafee Data Loss Prevention	>=11.8.0<11.8.100
Mcafee Data Loss Prevention	=11.6.401

Remedy

https://kc.mcafee.com/corporate/index?page=content&id=SB10376

Never miss a vulnerability like this again

Reference Links

https://kc.mcafee.com/corporate/index?page=content&id=SB10376

Frequently Asked Questions

What is CVE-2021-4088?
CVE-2021-4088 is a SQL injection vulnerability in the Data Loss Protection (DLP) ePO extension.
How does CVE-2021-4088 affect the affected software?
CVE-2021-4088 allows a remote authenticated attacker to inject unfiltered SQL into the DLP part of the ePO database, potentially leading to remote code execution on the ePO server.
What is the severity of CVE-2021-4088?
The severity of CVE-2021-4088 is high with a CVSS score of 7.2.
How can I fix CVE-2021-4088?
To fix CVE-2021-4088, update the Data Loss Prevention (DLP) ePO extension to version 11.8.100, 11.7.101, or 11.6.401 depending on the affected version.
Where can I find more information about CVE-2021-4088?
You can find more information about CVE-2021-4088 at the following link: [McAfee Security Bulletin SB10376](https://kc.mcafee.com/corporate/index?page=content&id=SB10376)

collector/nvd-index
collector/nvd-api
agent/author
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/references
agent/weakness
agent/remedy
agent/last-modified-date
agent/title
agent/description
agent/first-publish-date
agent/tags
agent/event
vendor/mcafee
canonical/mcafee data loss prevention
version/mcafee data loss prevention/11.7.0
version/mcafee data loss prevention/11.8.0
version/mcafee data loss prevention/11.6.401

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.