Lucene search

K

Data Loss Prevention Epo Extension Security Vulnerabilities

cve
cve

CVE-2015-1618

The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated users to obtain sensitive password information via a crafted...

6AI Score

0.001EPSS

2022-10-03 04:15 PM
28
cve
cve

CVE-2015-1617

Cross-site scripting (XSS) vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated users to inject arbitrary web script or HTML via unspecified...

5.3AI Score

0.001EPSS

2022-10-03 04:15 PM
24
cve
cve

CVE-2015-1616

SQL injection vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated ePO users to execute arbitrary SQL commands via unspecified...

8.1AI Score

0.001EPSS

2022-10-03 04:15 PM
25
cve
cve

CVE-2021-4088

SQL injection vulnerability in Data Loss Protection (DLP) ePO extension 11.8.x prior to 11.8.100, 11.7.x prior to 11.7.101, and 11.6.401 allows a remote authenticated attacker to inject unfiltered SQL into the DLP part of the ePO database. This could lead to remote code execution on the ePO server....

8.4CVSS

7.2AI Score

0.001EPSS

2022-01-24 04:15 PM
28
cve
cve

CVE-2021-31848

Cross site scripting (XSS) vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker to highjack an active DLP ePO administrator session by convincing the logged in administrator to click on a carefully crafted link in the case management part of...

8.4CVSS

5.9AI Score

0.001EPSS

2021-11-01 08:15 PM
22
cve
cve

CVE-2021-31849

SQL injection vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker logged into ePO as an administrator to inject arbitrary SQL into the ePO database through the user management section of the DLP ePO...

8.4CVSS

7.2AI Score

0.001EPSS

2021-11-01 08:15 PM
30
cve
cve

CVE-2021-31832

Improper Neutralization of Input in the ePO administrator extension for McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a remote ePO DLP administrator to inject JavaScript code into the alert configuration text field. This JavaScript will be executed when an end...

5.2CVSS

5.2AI Score

0.001EPSS

2021-06-09 02:15 PM
24
2
cve
cve

CVE-2020-7305

Privilege escalation vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows a low privileged remote attacker to create new rule sets via incorrect validation of user...

6.7CVSS

6.5AI Score

0.001EPSS

2020-08-13 03:15 AM
17
2
cve
cve

CVE-2020-7302

Unrestricted Upload of File with Dangerous Type in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to upload malicious files to the DLP case management section via lack of sanity...

6.4CVSS

6.3AI Score

0.001EPSS

2020-08-13 03:15 AM
25
cve
cve

CVE-2020-7304

Cross site request forgery vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote attacker to embed a CRSF script via adding a new...

7.6CVSS

7.3AI Score

0.001EPSS

2020-08-13 03:15 AM
19
cve
cve

CVE-2020-7303

Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote user to trigger scripts to run in a user's browser via adding a new...

4.1CVSS

4.2AI Score

0.001EPSS

2020-08-13 03:15 AM
23
cve
cve

CVE-2020-7300

Improper Authorization vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote attackers to change the configuration when logged in with view only privileges via carefully constructed HTTP post...

6.3CVSS

6.2AI Score

0.001EPSS

2020-08-12 10:15 PM
18
2
cve
cve

CVE-2020-7301

Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to trigger alerts via the file upload tab in the DLP case management...

4.6CVSS

4.5AI Score

0.001EPSS

2020-08-12 10:15 PM
17
cve
cve

CVE-2019-3640

Unprotected Transport of Credentials in ePO extension in McAfee Data Loss Prevention 11.x prior to 11.4.0 allows remote attackers with access to the network to collect login details to the LDAP server via the ePO extension not using a secure connection when testing LDAP...

6.5CVSS

6.4AI Score

0.003EPSS

2019-11-14 12:15 AM
27
cve
cve

CVE-2019-3595

Improper Neutralization of Special Elements used in a Command ('Command Injection') in ePO extension in McAfee Data Loss Prevention (DLP) 11.x prior to 11.3.0 allows Authenticated Adminstrator to execute arbitrary code with their local machine privileges via a specially crafted DLP policy, which...

6.5CVSS

6.8AI Score

0.0004EPSS

2019-07-24 03:15 PM
96
cve
cve

CVE-2019-3591

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in ePO extension in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows unauthenticated remote user to trigger specially crafted JavaScript to render in the ePO UI via a carefully crafted...

6.1CVSS

6AI Score

0.002EPSS

2019-07-24 03:15 PM
100
cve
cve

CVE-2017-3948

Cross Site Scripting (XSS) in IMG Tags in the ePO extension in McAfee Data Loss Prevention Endpoint (DLP Endpoint) 10.0.x allows authenticated users to inject arbitrary web script or HTML via injecting malicious JavaScript into a user's browsing...

5.4CVSS

5.1AI Score

0.001EPSS

2017-06-23 01:29 PM
26
cve
cve

CVE-2015-2760

Cross-site scripting (XSS) vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to inject arbitrary web script or HTML via unspecified...

5.3AI Score

0.001EPSS

2015-03-27 02:59 PM
31
cve
cve

CVE-2015-2759

Multiple cross-site request forgery (CSRF) vulnerabilities in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allow remote attackers to hijack the authentication of users for requests that (1) obtain sensitive information or (2) modify the.....

7.1AI Score

0.001EPSS

2015-03-27 02:59 PM
24
cve
cve

CVE-2015-2758

The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to obtain sensitive information, modify the database, or possibly have other unspecified impact via a crafted...

6.6AI Score

0.002EPSS

2015-03-27 02:59 PM
26
cve
cve

CVE-2015-2757

The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to cause a denial of service (database lock or license corruption) via unspecified...

6.4AI Score

0.001EPSS

2015-03-27 02:59 PM
23