CVE-2021-23894

Summary

Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote unauthenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent to the DBSec server.

Affected Software

VendorProductVersion RangeStatus
McAfee,LLCMcAfee Database Security (DBSec)unspecified < 4.8.2affected

Weaknesses

  • CWE-502: CWE-502: Deserialization of Untrusted Data

ADP Enrichment

CVE Program Container

Additional References

References