CVE-2021-23894

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: McAfee Database Security versions prior to 4.8.2

Description: The issue allows a remote unauthenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent to the DBSec server.

Recommendations: For versions prior to 4.8.2, update to version 4.8.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the DBSec server to minimize the risk of exploitation.

Fix

Deserialization of Untrusted Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-502

Related Identifiers

CVE-2021-23894

Affected Products

Mcafee Database Security

CVE-2021-23894

Weakness Enumeration

Related Identifiers

Affected Products

References · 4