cvelist | Trellix | CVELIST:CVE-2021-31848
History: Nov 01, 2021 - 7:25 p.m.

CVE-2021-31848 Data Loss Prevention (DLP) ePO extension - Cross site scripting (XSS)

2021-11-01 19:25:19
CWE-79
trellix
www.cve.org

CVSS3: 8.4

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

AI Score: 7.6
Confidence: High

EPSS: 0.001
Percentile: 37.7%

Cross-site scripting (XSS) vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker to hijack an active DLP ePO administrator session by convincing the logged-in administrator to click on a carefully crafted link in the case management part of the DLP ePO extension.

CNA Affected

[
  {
    "product": "Data Loss Prevention (DLP) ePO extension",
    "vendor": "McAfee",
    "versions": [
      {
        "lessThan": "11.7.100",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "11.6.400",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]
