CVE-2021-4088

HIGH

Mcafee Data Loss Prevention < 11.7.101 - SQL Injection

Title source: rule

Description

SQL injection vulnerability in Data Loss Protection (DLP) ePO extension 11.8.x prior to 11.8.100, 11.7.x prior to 11.7.101, and 11.6.401 allows a remote authenticated attacker to inject unfiltered SQL into the DLP part of the ePO database. This could lead to remote code execution on the ePO server with privilege escalation.

References (1)

[Broken Link] https://kc.mcafee.com/corporate/index?page=content&id=SB10376

Scores

CVSS v3 8.4

EPSS 0.0121

EPSS Percentile 78.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

Classification

CWE

CWE-89

Status published

Affected Products (2)

mcafee/data_loss_prevention < 11.7.101

mcafee/data_loss_prevention

Timeline

Published Jan 24, 2022

Tracked Since Feb 18, 2026