CVE-2021-23884— Clear text exposure of password in McAfee CSR ePO extension
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-23884
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Clear text exposure of password in McAfee CSR ePO extension
Source: NVD (National Vulnerability Database)
Vulnerability Description
Cleartext Transmission of Sensitive Information vulnerability in the ePO Extension of McAfee Content Security Reporter (CSR) prior to 2.8.0 allows an ePO administrator to view the unencrypted password of the McAfee Web Gateway (MWG) or the password of the McAfee Web Gateway Cloud Server (MWGCS) read only user used to retrieve log files for analysis in CSR.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
敏感数据的明文传输
Source: NVD (National Vulnerability Database)
Vulnerability Title
迈克菲 McAfee Content Security Reporter 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
McAfee Content Security Reporter是美国迈克菲(McAfee)公司的一个应用系统。一种报告软件解决方案,可帮助您识别和分析从网络设备收集的各种数据。 McAfee Content Security Reporter (CSR) 2.8.0之前版本存在安全漏洞,该漏洞源于管理员可以查看之前的未加密的密码McAfee网络网关(MWG)或McAfee互联网网关云服务器的密码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| McAfee,LLC | McAfee Content Security Reporter (CSR) | unspecified ~ 2.8.0CWE-319: Cleartext Transmission of Sensitive Information | - |
II. Public POCs for CVE-2021-23884
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-23884
请登录查看更多情报信息。
- https://kc.mcafee.com/corporate/index?page=content&id=SB10353x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2021-23884
Same Patch Batch · McAfee,LLC · 2021-04-15 · 6 CVEs total
| CVE-2021-23887 | 7.8 HIGH | Privilege escalation in McAfee DLP Endpoint for Windows |
| CVE-2021-23886 | 5.5 MEDIUM | Local Denial of Service in McAfee DLP Endpoint for Windows |
| CVE-2020-7269 | 4.9 MEDIUM | Sensitive Information Exposure in McAfee ATD |
| CVE-2020-7270 | 4.9 MEDIUM | Sensitive Information Exposure in McAfee ATD |
| CVE-2020-7308 | 4.8 MEDIUM | Transmission of data in clear text by McAfee ENS |
IV. Related Vulnerabilities
Same vendor: McAfee,LLC
Same weakness: CWE-319
- CVE-2026-45180
Catalyst::Plugin::Statsd versions through 0.10.0 for Perl ma - CVE-2026-45179
Plack::Middleware::Statsd versions before 0.9.0 for Perl may - CVE-2025-59852
HCL DFXAnalytics is affected by an Insufficient Transport - CVE-2026-7610
TRENDnet TEW-821DAP Firmware Update ssi cleartext transmissi - CVE-2026-42514
Sensitive Data Exposure Vulnerability in e-Sushrut HMIS
V. Comments for CVE-2021-23884
No comments yet