CVE-2021-31849

Summary

SQL injection vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker logged into ePO as an administrator to inject arbitrary SQL into the ePO database through the user management section of the DLP ePO extension.

Affected Software

VendorProductVersion RangeStatus
McAfeeData Loss Prevention (DLP) ePO extensionunspecified < 11.7.100affected
McAfeeData Loss Prevention (DLP) ePO extensionunspecified < 11.6.400affected

Weaknesses

  • CWE-89: CWE-89 SQL Injection

ADP Enrichment

CVE Program Container

Additional References

References