PT-2021-4912 · McAfee · McAfee Data Loss Prevention (DLP) ePO Extension
Published 2021-10-29 · Updated 2023-11-15 · CVE-2021-31849
CVSS v3.1: 8.4 (High)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
McAfee Data Loss Prevention ePO extension versions prior to 11.7.100
Description
The extension does not neutralize special elements used in SQL queries, which allows a remote attacker to execute arbitrary SQL code through the user management section of the DLP ePO extension. The attacker must be logged in as an administrator to exploit this issue.
Recommendations
For versions prior to 11.7.100, update to version 11.7.100 or later to resolve the issue. As a temporary workaround, consider restricting access to the user management section of the DLP ePO extension to minimize the risk of exploitation.
Fix
SQL injection
Affected Products
McAfee Data Loss Prevention (DLP) ePO Extension