DLP ePO extension - Unrestricted Upload of File with Dangerous Type

CVE-2020-7302

5.4MEDIUM

Key Information

Vendor: Mcafee
Status: Dlp Epo Extension
Vendor: CVE Published:; 13 August 2020

Summary

Unrestricted Upload of File with Dangerous Type in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to upload malicious files to the DLP case management section via lack of sanity checking.

Affected Version(s)

DLP ePO extension < 11.3.28

DLP ePO extension < 11.4.200

DLP ePO extension < 11.5.3

References

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Aug 13, 2020
Vulnerability Reserved
Jan 21, 2020

Collectors

NVD DatabaseMitre Database