DLP ePO extension - Cross-site request forgery
CVE-2020-7304

7.6HIGH

Key Information:

Vendor: Mcafee
Status: Dlp Epo Extension
Vendor: CVE Published:; 13 August 2020

What is CVE-2020-7304?

Cross site request forgery vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote attacker to embed a CRSF script via adding a new label.

Affected Version(s)

DLP ePO extension 11.3 < 11.3.28

DLP ePO extension 11.4 < 11.4.200

DLP ePO extension 11.5 < 11.5.3

References

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_MISC

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 13, 2020
Vulnerability Reserved
Jan 21, 2020

Mcafee

What is CVE-2020-7304?

Affected Version(s)

References

CVSS V3.1

Timeline