SQL injection vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker logged into ePO as an administrator to inject arbitrary SQL into the ePO database through the user management section of the DLP ePO extension.
References
Link | Resource |
---|---|
https://kc.mcafee.com/corporate/index?page=content&id=SB10371 | Broken Link |
Configurations
Configuration 1 (hide)
|
History
15 Nov 2023, 19:05
Type | Values Removed | Values Added |
---|---|---|
References | () https://kc.mcafee.com/corporate/index?page=content&id=SB10371 - Broken Link | |
CWE | CWE-89 |
07 Nov 2023, 03:35
Type | Values Removed | Values Added |
---|---|---|
CWE | ||
References | () https://kc.mcafee.com/corporate/index?page=content&id=SB10371 - |
03 Nov 2021, 14:58
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 6.5
v3 : 7.2 |
CPE | cpe:2.3:a:mcafee:data_loss_prevention_endpoint:*:*:*:*:*:*:*:* | |
References | (MISC) https://kc.mcafee.com/corporate/index?page=content&id=SB10371 - Vendor Advisory |
01 Nov 2021, 20:19
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-11-01 20:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-31849
Mitre link : CVE-2021-31849
CVE.ORG link : CVE-2021-31849
JSON object : View
Products Affected
mcafee
- data_loss_prevention_endpoint
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')