Lucene search

TrellixCVELIST:CVE-2019-3622

HistoryJul 24, 2019 - 4:13 p.m.

CVE-2019-3622 DLP Endpoint log file redirection to arbitrary locations

2019-07-2416:13:17

CWE-552

trellix

www.cve.org

7.5 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.8%

JSON

Files or Directories Accessible to External Parties in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows authenticated user to redirect DLPe log files to arbitrary locations via incorrect access control applied to the DLPe log folder allowing privileged users to create symbolic links.

CNA Affected

[
  {
    "product": "Data Loss Prevention (DLPe) for Windows",
    "vendor": "McAfee, LLC",
    "versions": [
      {
        "lessThan": "11.3.0",
        "status": "affected",
        "version": "11.x",
        "versionType": "custom"
      }
    ]
  }
]

References

www.securityfocus.com/bid/109370

kc.mcafee.com/corporate/index?page=content&id=SB10290

7.5 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.8%

JSON

Related for CVELIST:CVE-2019-3622