Rewterz Threat Advisory – Multiple Node.js Vulnerabilities
January 26, 2022Rewterz Threat Advisory – Multiple Dell EMC Data Protection Central Vulnerabilities
January 26, 2022Rewterz Threat Advisory – Multiple Node.js Vulnerabilities
January 26, 2022Rewterz Threat Advisory – Multiple Dell EMC Data Protection Central Vulnerabilities
January 26, 2022Severity
High
Analysis Summary
CVE-2021-4088
McAfee Data Loss Prevention (DLP) ePO extension is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to ePO database using the DLP part, which could allow the attacker to execute arbitrary code on the ePO server with privilege escalation.
Impact
- Privilege Escalation
Affected Vendors
McAfee
Affected Products
- McAfee Data Loss Prevention (DLP) ePO extension 11.6
- McAfee Data Loss Prevention (DLP) ePO extension 11.7
- McAfee Data Loss Prevention (DLP) ePO extension 11.8
Remediation
Refer to McAfee Security Advisory for patch, upgrade or suggested workaround information.