CVE-2021-4088
HIGH
McAfee Data Loss Prevention 11.6.401, 11.7.0-11.7.100, 11.8.0-11.8.99 - Authenticated SQL Injection
Title source: llm
Description
SQL injection vulnerability in Data Loss Protection (DLP) ePO extension 11.8.x prior to 11.8.100, 11.7.x prior to 11.7.101, and 11.6.401 allows a remote authenticated attacker to inject unfiltered SQL into the DLP part of the ePO database. This could lead to remote code execution on the ePO server with privilege escalation.
References (1)
Core References
Broken Link x_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10376
Scores
CVSS v3
8.4
EPSS
0.0121
EPSS Percentile
79.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (2)
mcafee/data_loss_prevention
11.6.401
mcafee/data_loss_prevention
11.7.0 - 11.7.101
Published
Jan 24, 2022
Tracked Since
Feb 18, 2026