Description
Incorrect access to deleted scripts vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to gain access to signed SQL scripts which have been marked as deleted or expired within the administrative console. This access was only available through the REST API.
References (1)
Core 1
Core References
Broken Link x_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10359
Scores
CVSS v3
4.9
EPSS
0.0032
EPSS Percentile
55.1%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Details
CWE
CWE-552
Status
published
Products (1)
mcafee/database_security
< 4.8.2
Published
Jun 03, 2021
Tracked Since
Feb 18, 2026