{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-10T22:26:37.061","vulnerabilities":[{"cve":{"id":"CVE-2021-31849","sourceIdentifier":"trellixpsirt@trellix.com","published":"2021-11-01T20:15:07.593","lastModified":"2024-11-21T06:06:21.070","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"SQL injection vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker logged into ePO as an administrator to inject arbitrary SQL into the ePO database through the user management section of the DLP ePO extension."},{"lang":"es","value":"Una vulnerabilidad de inyección SQL en la extensión de McAfee Data Loss Prevention (DLP) ePO versiones anteriores a 11.7.100, permite a un atacante remoto que haya iniciado sesión en ePO como administrador inyectar SQL arbitrario en la base de datos de ePO mediante la sección de administración de usuarios de la extensión de DLP ePO"}],"metrics":{"cvssMetricV31":[{"source":"trellixpsirt@trellix.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.7,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"trellixpsirt@trellix.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mcafee:data_loss_prevention_endpoint:*:*:*:*:*:*:*:*","versionStartIncluding":"11.6.0","versionEndExcluding":"11.6.400","matchCriteriaId":"C621FD41-E7D3-46AB-9539-D9A63FE5AD5D"},{"vulnerable":true,"criteria":"cpe:2.3:a:mcafee:data_loss_prevention_endpoint:*:*:*:*:*:*:*:*","versionStartIncluding":"11.7.0","versionEndExcluding":"11.7.100","matchCriteriaId":"E775D889-AB7A-44DB-82DC-3370309C147F"}]}]}],"references":[{"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10371","source":"trellixpsirt@trellix.com","tags":["Broken Link"]},{"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10371","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]}]}}]}