March 22, 2024
Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]
Rewterz Threat Advisory – CVE-2021-29740 – IBM Spectrum Scale Privilege Escalation
June 2, 2021
Rewterz Threat Alert – Nanocore Rat – Active IOCs
June 3, 2021
Rewterz Threat Advisory – CVE-2021-29740 – IBM Spectrum Scale Privilege Escalation
June 2, 2021
Rewterz Threat Alert – Nanocore Rat – Active IOCs
June 3, 2021
Severity
High
Analysis Summary
CVE-2021-23894
Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote unauthenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent to the DBSec server.
CVE-2021-23895
Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent to the DBSec server.
CVE-2021-23896
Cleartext Transmission of Sensitive Information vulnerability in the administrator interface of McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to view the unencrypted password of the McAfee Insights Server used to pass data to the Insights Server. This user is restricted to only have access to DBSec data in the Insights Server
CVE-2021-23897
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to embed JavaScript code when configuring the name of a database to be monitored. This would be triggered when any authorized user logs into the DBSec interface and opens the properties configuration page for this database.
CVE-2021-23898
Incorrect access to deleted scripts vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to gain access to signed SQL scripts which have been marked as deleted or expired within the administrative console. This access was only available through the REST API.
The scripts are retained to allow them to be used when analyzing older events should they be required in the future. The impact has been judged to be low as it is expected that the scripts are created in good faith.
Impact
- Deserialization of Untrusted Data
- Clear text Transmission of Sensitive Information
- Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
- Files or Directories Accessible to External Parties.
Affected Vendors
McAfee
Affected Products
- Database Security (DBSec) 4.8.2
Remediation
User are advice to upgrade to DBSec 4.8.2