cvedb.io
CVE-2021-4088
HIGH · CVSS 8.4
EPSS exploitation probability: 0%
Published 2022-01-24T16:15:08.160 · Last modified 2026-06-17T04:19:00.873

Summary

SQL injection vulnerability in Data Loss Protection (DLP) ePO extension 11.8.x prior to 11.8.100, 11.7.x prior to 11.7.101, and 11.6.401 allows a remote authenticated attacker to inject unfiltered SQL into the DLP part of the ePO database. This could lead to remote code execution on the ePO server with privilege escalation.

Affected products

mcafee — data_loss_prevention

Does this affect you?

Add your gear to cvedb and we'll alert you only when mcafee ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.