Vulnerability Details : CVE-2021-31831
Incorrect access to deleted scripts vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to gain access to signed SQL scripts which have been marked as deleted or expired within the administrative console. This access was only available through the REST API.
Products affected by CVE-2021-31831
- cpe:2.3:a:mcafee:database_security:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-31831
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 25 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-31831
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
8.0
|
6.4
|
NIST | |
5.5
|
MEDIUM | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
2.1
|
3.4
|
NIST | |
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST | |
4.9
|
MEDIUM | CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L |
1.5
|
3.4
|
McAfee (DEFUNCT) | |
4.9
|
MEDIUM | CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L |
1.5
|
3.4
|
Trellix |
CWE ids for CVE-2021-31831
-
The product makes files or directories accessible to unauthorized actors, even though they should not be.Assigned by:
- nvd@nist.gov (Primary)
- psirt@mcafee.com (Primary)
- trellixpsirt@trellix.com (Secondary)
References for CVE-2021-31831
-
https://kc.mcafee.com/corporate/index?page=content&id=SB10359
McAfee Security Bulletin - Database Security update fixes five vulnerabilities (CVE-2021-23894, CVE-2021-23895, CVE-2021-23896, CVE-2021-23897, CVE-2021-23898)Broken Link
Jump to