CVE-2021-23896

low-risk
Published 2021-06-02

Cleartext Transmission of Sensitive Information vulnerability in the administrator interface of McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to view the unencrypted password of the McAfee Insights Server used to pass data to the Insights Server. This user is restricted to only have access to DBSec data in the Insights Server.

Do I need to act?

EPSS score: 0.04% chance of exploitation (low exploit probability)
CISA KEV: Not on CISA KEV list. No confirmed active exploitation reported to CISA
Patch status: unknown. Check vendor advisories for fix availability and mitigation guidance
CVSS: 3.2/10 Low (ADJACENT_NETWORK / LOW complexity)

Affected Products (1)

Database Security

Affected Vendors

17 / 100 low-risk
Severity 12/34 · Low
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal