CVE-2021-31850
MEDIUMMcAfee Database Security < 4.8.4 - Authenticated Denial of Service and Arbitrary File Write via Archiving Configuration
Title source: llmDescription
A denial-of-service vulnerability in Database Security (DBS) prior to 4.8.4 allows a remote authenticated administrator to trigger a denial-of-service attack against the DBS server. The configuration of Archiving through the User interface incorrectly allowed the creation of directories and files in Windows system directories and other locations where sensitive data could be overwritten. The former could lead to a DoS, whilst the latter could lead to data destruction on the DBS server.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10358
Third Party Advisory x_refsource_misc
https://www.zerodayinitiative.com/advisories/ZDI-21-1535/
Scores
CVSS v3
6.1
EPSS
0.0029
EPSS Percentile
52.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H
Details
CWE
CWE-552
Status
published
Products (1)
mcafee/database_security
< 4.8.4
Published
Dec 08, 2021
Tracked Since
Feb 18, 2026