DLP ePO extension - Unrestricted Upload of File with Dangerous Type
CVE-2020-7302

5.4MEDIUM

Key Information:

Vendor: Mcafee
Status: Dlp Epo Extension
Vendor: CVE Published:; 13 August 2020

Summary

Unrestricted Upload of File with Dangerous Type in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to upload malicious files to the DLP case management section via lack of sanity checking.

Affected Version(s)

DLP ePO extension 11.3 < 11.3.28

DLP ePO extension 11.4 < 11.4.200

DLP ePO extension 11.5 < 11.5.3

References

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Aug 13, 2020
Vulnerability Reserved
Jan 21, 2020