CVE-2021-23896

Published at:
2021-06-02T14:15:09.917
Source: [email protected]

Global infos:

Cleartext Transmission of Sensitive Information vulnerability in the administrator interface of McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to view the unencrypted password of the McAfee Insights Server used to pass data to the Insights Server. This user is restricted to only have access to DBSec data in the Insights Server.

CVE Status: Modified

References:

  • [email protected]
  • af854a3a-2127-422b-91ae-364da2661108
    •

    Metrics:

    AttributeValue
    Attack ComplexityLOW
    Attack VectorADJACENT_NETWORK
    Availability ImpactNONE
    Base Score3.2
    Base SeverityLOW
    Confidentiality ImpactLOW
    Integrity ImpactLOW
    Privileges RequiredHIGH
    ScopeUNCHANGED
    User InteractionREQUIRED
    Vector StringCVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
    Exploitability Score0.7
    Impact Score2.5
    Source[email protected]
    TypeSecondary

    Links:

    Exploit-db
    Github

    Most recherched CVEs
    Popular Keywords