CVE-2021-31850— Denial of Service in Database Security on Windows
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-31850
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Denial of Service in Database Security on Windows
Source: NVD (National Vulnerability Database)
Vulnerability Description
A denial-of-service vulnerability in Database Security (DBS) prior to 4.8.4 allows a remote authenticated administrator to trigger a denial-of-service attack against the DBS server. The configuration of Archiving through the User interface incorrectly allowed the creation of directories and files in Windows system directories and other locations where sensitive data could be overwritten. The former could lead to a DoS, whilst the latter could lead to data destruction on the DBS server.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
对外部实体的文件或目录可访问
Source: NVD (National Vulnerability Database)
Vulnerability Title
Mcafee Database Security Server 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Mcafee Database Security Server是美国迈克菲(Mcafee)公司的一款数据库安全软件。该软件可为用户提供数据库的整体情况和相应安全状况,实时保护关键业务数据库免受外部,内部和内部数据库威胁的侵害。 Mcafee Database Security Server (DBS)存在安全漏洞,该漏洞源于允许远程认证管理员触发对DBS服务器的拒绝服务攻击。通过用户界面进行归档的配置错误地允许在Windows系统目录和其他可能覆盖敏感数据的位置创建目录和文件。前者可能导致DoS,而后者可
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| McAfee,LLC | McAfee Database Security (DBSec) | unspecified ~ 4.8.4 | - |
II. Public POCs for CVE-2021-31850
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-31850
请登录查看更多情报信息。
- https://www.zerodayinitiative.com/advisories/ZDI-21-1535/x_refsource_MISC
- https://kc.mcafee.com/corporate/index?page=content&id=SB10358x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2021-31850
IV. Related Vulnerabilities
Same product: McAfee Database Security (DBSec)
- CVE-2021-31830
Cross site Scripting (XSS) vulnerability in McAfee DBSec - CVE-2021-31831
Incorrect access to deleted scripts vulnerability in McAfee - CVE-2021-23896
Cleartext Transmission of Sensitive Information in McAfee DB - CVE-2021-23895
Authorized deserialization of untrusted data in McAfee DBSec - CVE-2021-23894
Unauthorized deserialization of untrusted data in McAfee DBS
Same vendor: McAfee,LLC
Same weakness: CWE-552
- CVE-2025-7389
Unauthorized Arbitrary File Read via RMI in AdminServer Inte - CVE-2019-25709
CF Image Hosting Script 1.6.5 Unauthorized Database Access - CVE-2026-33698
Chamilo LMS affected by unauthenticated RCE in main/install - CVE-2021-47960
Synology SSL VPN Client 安全漏洞 - CVE-2026-35446
LORIS has a path traversal in FilesDownloadHandler
V. Comments for CVE-2021-31850
No comments yet