SQL injection vulnerability in Data Loss Protection (DLP) ePO extension 11.8.x prior to 11.8.100, 11.7.x prior to 11.7.101, and 11.6.401 allows a remote authenticated attacker to inject unfiltered SQL into the DLP part of the ePO database. This could lead to remote code execution on the ePO server with privilege escalation.
References
Link | Resource |
---|---|
https://kc.mcafee.com/corporate/index?page=content&id=SB10376 | Broken Link |
Configurations
Configuration 1 (hide)
|
History
15 Nov 2023, 20:25
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-89 | |
References | () https://kc.mcafee.com/corporate/index?page=content&id=SB10376 - Broken Link |
07 Nov 2023, 03:40
Type | Values Removed | Values Added |
---|---|---|
References | () https://kc.mcafee.com/corporate/index?page=content&id=SB10376 - | |
CWE |
31 Jan 2022, 13:27
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 6.5
v3 : 7.2 |
First Time |
Mcafee
Mcafee data Loss Prevention |
|
References | (CONFIRM) https://kc.mcafee.com/corporate/index?page=content&id=SB10376 - Patch, Vendor Advisory | |
CPE | cpe:2.3:a:mcafee:data_loss_prevention:11.6.401:*:*:*:*:epolicy_orchestrator:*:* cpe:2.3:a:mcafee:data_loss_prevention:*:*:*:*:*:epolicy_orchestrator:*:* |
24 Jan 2022, 17:30
Type | Values Removed | Values Added |
---|---|---|
Summary | SQL injection vulnerability in Data Loss Protection (DLP) ePO extension 11.8.x prior to 11.8.100, 11.7.x prior to 11.7.101, and 11.6.401 allows a remote authenticated attacker to inject unfiltered SQL into the DLP part of the ePO database. This could lead to remote code execution on the ePO server with privilege escalation. |
24 Jan 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-01-24 16:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-4088
Mitre link : CVE-2021-4088
CVE.ORG link : CVE-2021-4088
JSON object : View
Products Affected
mcafee
- data_loss_prevention
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')