Vulnerability Details : CVE-2021-31850
A denial-of-service vulnerability in Database Security (DBS) prior to 4.8.4 allows a remote authenticated administrator to trigger a denial-of-service attack against the DBS server. The configuration of Archiving through the User interface incorrectly allowed the creation of directories and files in Windows system directories and other locations where sensitive data could be overwritten. The former could lead to a DoS, whilst the latter could lead to data destruction on the DBS server.
Vulnerability category: Denial of service
Products affected by CVE-2021-31850
- cpe:2.3:a:mcafee:database_security:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-31850
- EPSS score: 0.56% (probability of exploitation activity in the next 30 days)
- Percentile: ~78% (the proportion of vulnerabilities that are scored at or below this score)
CVSS scores for CVE-2021-31850
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.9 | MEDIUM | AV:N/AC:M/Au:S/C:N/I:P/A:P | 6.8 | 4.9 | NIST | |
6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H | 0.9 | 5.2 | NIST | |
6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H | 0.9 | 5.2 | McAfee (DEFUNCT) | |
CWE ids for CVE-2021-31850
- The product makes files or directories accessible to unauthorized actors, even though they should not be.
  Assigned by:
  - nvd@nist.gov (Primary)
  - psirt@mcafee.com (Secondary)
References for CVE-2021-31850
- https://www.zerodayinitiative.com/advisories/ZDI-21-1535/
  ZDI-21-1535 | Zero Day Initiative (Third Party Advisory; VDB Entry)
- https://kc.mcafee.com/corporate/index?page=content&id=SB10358
  Security Bulletin - Database Security on Windows update fixes Denial of Service vulnerability (CVE-2021-31850) (Patch; Vendor Advisory)