Lucene search

TrellixCVELIST:CVE-2020-7309

HistoryAug 26, 2020 - 6:00 a.m.

CVE-2020-7309 Cross Site Scripting vulnerability in ePO extension of MACC

2020-08-2606:00:19

CWE-79

trellix

www.cve.org

cve-2020-7309

cross site scripting

mcafee application control

epo extension

policy discovery

CVSS3

3.9

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L

EPSS

0.001

Percentile

22.7%

JSON

Cross Site Scripting vulnerability in ePO extension in McAfee Application Control (MAC) prior to 8.3.1 allows administrators to inject arbitrary web script or HTML via specially crafted input in the policy discovery section.

CNA Affected

[
  {
    "product": "McAfee Application and Change Control",
    "vendor": "McAfee, LLC",
    "versions": [
      {
        "lessThan": "8.3.1",
        "status": "affected",
        "version": "8.3.1",
        "versionType": "custom"
      }
    ]
  }
]

References

kc.mcafee.com/corporate/index?page=content&id=SB10324

CVSS3

3.9

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L

EPSS

0.001

Percentile

22.7%

JSON

Related for CVELIST:CVE-2020-7309