← back
CVE-2021-23896

Cleartext Transmission of Sensitive Information in McAfee DBSec

CVSS 3.2 LOWEPSS 0.2%CWE-319
Vexday Risk Score
8Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 3.2EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
02 Jun 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Cleartext Transmission of Sensitive Information vulnerability in the administrator interface of McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to view the unencrypted password of the McAfee Insights Server used to pass data to the Insights Server. This user is restricted to only have access to DBSec data in the Insights Server.
CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
Affected products
McAfee,LLC · McAfee Database Security (DBSec)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://kc.mcafee.com/corporate/index?page=content&id=SB10359