Lucene search

TrellixCVELIST:CVE-2020-7304

HistoryAug 13, 2020 - 3:00 a.m.

CVE-2020-7304 DLP ePO extension - Cross-site request forgery

2020-08-1303:00:19

CWE-352

trellix

www.cve.org

cve-2020-7304

cross-site request forgery

data loss prevention

CVSS3

7.6

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

37.2%

JSON

Cross site request forgery vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote attacker to embed a CRSF script via adding a new label.

CNA Affected

[
  {
    "product": "DLP ePO extension",
    "vendor": "McAfee",
    "versions": [
      {
        "lessThan": "11.3.28",
        "status": "affected",
        "version": "11.3",
        "versionType": "custom"
      },
      {
        "lessThan": "11.4.200",
        "status": "affected",
        "version": "11.4",
        "versionType": "custom"
      },
      {
        "lessThan": "11.5.3",
        "status": "affected",
        "version": "11.5",
        "versionType": "custom"
      }
    ]
  }
]

References

kc.mcafee.com/corporate/index?page=content&id=SB10326

CVSS3

7.6

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

37.2%

JSON

Related for CVELIST:CVE-2020-7304