Request a Demo
Rewterz
Rewterz Threat Advisory – Multiple Node.js Vulnerabilities
January 26, 2022
Rewterz
Rewterz Threat Advisory – Multiple Dell EMC Data Protection Central Vulnerabilities
January 26, 2022

Rewterz Threat Advisory – CVE-2021-4088 – McAfee Data Loss Protection ePO extension Vulnerability

Severity

High

Analysis Summary

CVE-2021-4088

McAfee Data Loss Prevention (DLP) ePO extension is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to ePO database using the DLP part, which could allow the attacker to execute arbitrary code on the ePO server with privilege escalation.

Impact

  • Privilege Escalation

Affected Vendors

McAfee

Affected Products

  • McAfee Data Loss Prevention (DLP) ePO extension 11.6
  • McAfee Data Loss Prevention (DLP) ePO extension 11.7
  • McAfee Data Loss Prevention (DLP) ePO extension 11.8

Remediation

Refer to McAfee Security Advisory for patch, upgrade or suggested workaround information.

https://kc.mcafee.com/corporate/index?page=content&id=SB10376