DLP Endpoint ePO extension not sanitizing CSV exports
CVE-2019-3595

2LOW

Key Information:

Vendor: Mcafee, Llc
Status: Dlp Endpoint Epo Extension
Vendor: CVE Published:; 24 July 2019

🔔 Create Mcafee, Llc Vulnerability Alert

What is CVE-2019-3595?

Improper Neutralization of Special Elements used in a Command ('Command Injection') in ePO extension in McAfee Data Loss Prevention (DLP) 11.x prior to 11.3.0 allows Authenticated Adminstrator to execute arbitrary code with their local machine privileges via a specially crafted DLP policy, which is exported and opened on the their machine. In our checks, the user must explicitly allow the code to execute.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

DLP Endpoint ePO extension 11.x < 11.3.0

References

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/109377

vdb-entryx_refsource_BID

CVSS V3.1

Score:

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 24, 2019
Vulnerability Reserved
Jan 3, 2019

JSON

Mcafee, Llc