CVE-2021-31849SQL Injection in Data Loss Prevention EPO Extension

CWE-89SQL Injection3 documents3 sources
Severity
7.2HIGHNVD
CNA8.4
EPSS
0.4%
top 39.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mcafee Data Loss Prevention EPO ExtensionMcafee Data Loss Prevention Endpoint
Timeline
PublishedNov 1
Latest updateMay 24

Description

SQL injection vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker logged into ePO as an administrator to inject arbitrary SQL into the ePO database through the user management section of the DLP ePO extension.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

CVEListV5mcafee/data_loss_prevention_epo_extensionunspecified11.7.100+1
NVDmcafee/data_loss_prevention_endpoint11.6.011.6.400+1

🔴Vulnerability Details

2
GHSA
GHSA-p5vq-v446-g576: SQL injection vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 112022-05-24
CVEList
Data Loss Prevention (DLP) ePO extension - SQL injection2021-11-01
CVE-2021-31849 — SQL Injection in Mcafee | cvebase