NVD:CVE-2023-0400
Feb 02, 2023 - 9:15 a.m.

CVE-2023-0400

2023-02-02 09:15:08
CWE-427
CWE-670
web.nvd.nist.gov
2
dlp
windows 11.10.0
protection bypass

CVSS3: 8.2

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

AI Score: 6.3
Confidence: High

EPSS: 0
Percentile: 5.1%

The protection bypass vulnerability in DLP for Windows 11.9.x is addressed in version 11.10.0. This allowed a local user to bypass DLP controls when uploading sensitive data from a mapped drive into a web email client. Loading from a local drive was correctly prevented. Versions prior to 11.9 correctly detected and blocked the attempted upload of sensitive data.

Affected configurations

Nvd
Node
trellix data_loss_prevention, Range 11.9.0 to 11.10.0
AND
microsoft windows, Match -

Vendor | Product | Version | CPE
trellix | data_loss_prevention | * | cpe:2.3:a:trellix:data_loss_prevention:*:*:*:*:*:*:*:*
microsoft | windows | - | cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
