DLP ePO extension - Privilege escalation
CVE-2020-7305

6.7MEDIUM

Key Information:

Vendor: Mcafee
Status: Dlp Epo Extension
Vendor: CVE Published:; 13 August 2020

What is CVE-2020-7305?

Privilege escalation vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows a low privileged remote attacker to create new rule sets via incorrect validation of user credentials.

Affected Version(s)

DLP ePO extension 11.3 < 11.3.28

DLP ePO extension 11.4 < 11.4.200

DLP ePO extension 11.5 < 11.5.3

References

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_MISC

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 13, 2020
Vulnerability Reserved
Jan 21, 2020

Mcafee

What is CVE-2020-7305?

Affected Version(s)

References

CVSS V3.1

Timeline