CVE-2021-23896
Cleartext Transmission of Sensitive Information in McAfee DBSec
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Cleartext Transmission of Sensitive Information vulnerability in the administrator interface of McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to view the unencrypted password of the McAfee Insights Server used to pass data to the Insights Server. This user is restricted to only have access to DBSec data in the Insights Server.
Una vulnerabilidad de Information Confidencial de la Transmision de Texto Sin cifrar en la interfaz de administrador de McAfee Database Security (DBSec) versiones anteriores a 4.8.2, permite a un administrador visualizar la contraseña no cifrada del servidor McAfee Insights utilizada para pasar datos al servidor Insights. Este usuario está restringido a tener acceso únicamente a los datos de DBSec en el Insights Server
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-01-12 CVE Reserved
- 2021-06-02 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-319: Cleartext Transmission of Sensitive Information
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://kc.mcafee.com/corporate/index?page=content&id=SB10359 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mcafee Search vendor "Mcafee" | Database Security Search vendor "Mcafee" for product "Database Security" | < 4.8.2 Search vendor "Mcafee" for product "Database Security" and version " < 4.8.2" | - |
Affected
| ||||||