DLP Endpoint log file redirection to arbitrary locations
CVE-2019-3622

7.5HIGH

Key Information:

Vendor: Mcafee, Llc
Status: Data Loss Prevention (dlpe) For Windows
Vendor: CVE Published:; 24 July 2019

🔔 Create Mcafee, Llc Vulnerability Alert

What is CVE-2019-3622?

Files or Directories Accessible to External Parties in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows authenticated user to redirect DLPe log files to arbitrary locations via incorrect access control applied to the DLPe log folder allowing privileged users to create symbolic links.

Affected Version(s)

Data Loss Prevention (DLPe) for Windows 11.x < 11.3.0

References

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/109370

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 24, 2019
Vulnerability Reserved
Jan 3, 2019

JSON