CVE-2021-31830

Name of the Vulnerable Software and Affected Versions McAfee Database Security versions prior to 4.8.2

Description The issue allows an administrator to embed JavaScript code when configuring the name of a database to be monitored. This would be triggered when any authorized user logs into the DBSec interface and opens the properties configuration page for this database.

Recommendations For versions prior to 4.8.2, update to version 4.8.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the database properties configuration page to minimize the risk of exploitation. Avoid using the database name field for embedding JavaScript code until the issue is resolved.