CVE-2021-4088
Blind SQL injection in DLP ePO extension
SQL injection vulnerability in Data Loss Protection (DLP) ePO extension 11.8.x prior to 11.8.100, 11.7.x prior to 11.7.101, and 11.6.401 allows a remote authenticated attacker to inject unfiltered SQL into the DLP part of the ePO database. This could lead to remote code execution on the ePO server with privilege escalation.
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Productos afectados
McAfee,LLC · McAfee Data Loss Prevention (DLP) ePO Extension¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →