37 matches found
CVE-2021-31832 Cross site scripting vulnerability in DLP Endpoint for Windows
Improper Neutralization of Input in the ePO administrator extension for McAfee Data Loss Prevention DLP Endpoint for Windows prior to 11.6.200 allows a remote ePO DLP administrator to inject JavaScript code into the alert configuration text field. This JavaScript will be executed when an end user...
CVE-2020-7346
Privilege Escalation vulnerability in McAfee Data Loss Prevention DLP for Windows prior to 11.6.100 allows a local, low privileged, attacker through the use of junctions to cause the product to load DLLs of the attacker's choosing. This requires the creation and removal of junctions by the attack...
Privilege escalation
Privilege Escalation vulnerability in McAfee Data Loss Prevention DLP for Windows prior to 11.6.100 allows a local, low privileged, attacker through the use of junctions to cause the product to load DLLs of the attacker's choosing. This requires the creation and removal of junctions by the attack...
CVE-2020-7346
Summary of CVE-2020-7346 (McAfee DLP for Windows) : A local privilege-escalation vulnerability in McAfee Data Loss Prevention (DLP) for Windows prior to 11.6.100 allows a low-privileged attacker to load DLLs of their choosing by abusing junctions, requiring creation/removal of junctions and timin...
CVE-2020-7346 Privilege escalation in McAfee DLP Endpoint for Windows
Privilege Escalation vulnerability in McAfee Data Loss Prevention DLP for Windows prior to 11.6.100 allows a local, low privileged, attacker through the use of junctions to cause the product to load DLLs of the attacker's choosing. This requires the creation and removal of junctions by the attack...
McAfee DLP Extension for ePO Installed (Windows)
Binary data mcafeedlpepoextensioninstalled.nbin...
CVE-2020-7307
Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention DLP for Mac prior to 11.5.2 allows local users to gain access to the RiskDB username and password via unprotected log files containing plain text credentials...
CVE-2020-7306
Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention DLP for Mac prior to 11.5.2 allows local users to gain access to the ADRMS username and password via unprotected log files containing plain text...
CVE-2020-7305 DLP ePO extension - Privilege escalation
Privilege escalation vulnerability in McAfee Data Loss Prevention DLP ePO extension prior to 11.5.3 allows a low privileged remote attacker to create new rule sets via incorrect validation of user credentials...
CVE-2020-7300
Improper Authorization vulnerability in McAfee Data Loss Prevention DLP ePO extension prior to 11.5.3 allows authenticated remote attackers to change the configuration when logged in with view only privileges via carefully constructed HTTP post messages...
Authorization
Improper Authorization vulnerability in McAfee Data Loss Prevention DLP ePO extension prior to 11.5.3 allows authenticated remote attackers to change the configuration when logged in with view only privileges via carefully constructed HTTP post messages...
CVE-2020-7301
CVE-2020-7301 concerns the McAfee Data Loss Prevention (DLP) ePO extension prior to version 11.5.3. The vulnerability is a Cross Site Scripting (XSS) flaw within the DLP case management file-upload tab, exploited by authenticated users to trigger alerts. The provided documents confirm the affecte...
Code injection
Unprotected Transport of Credentials in ePO extension in McAfee Data Loss Prevention 11.x prior to 11.4.0 allows remote attackers with access to the network to collect login details to the LDAP server via the ePO extension not using a secure connection when testing LDAP connectivity...
CVE-2019-3595
Improper Neutralization of Special Elements used in a Command 'Command Injection' in ePO extension in McAfee Data Loss Prevention DLP 11.x prior to 11.3.0 allows Authenticated Adminstrator to execute arbitrary code with their local machine privileges via a specially crafted DLP policy, which is...
Command injection
Improper Neutralization of Special Elements used in a Command 'Command Injection' in ePO extension in McAfee Data Loss Prevention DLP 11.x prior to 11.3.0 allows Authenticated Adminstrator to execute arbitrary code with their local machine privileges via a specially crafted DLP policy, which is...
CVE-2018-6664
Application Protections Bypass vulnerability in Microsoft Windows in McAfee Data Loss Prevention DLP Endpoint before 10.0.500 and DLP Endpoint before 11.0.400 allows authenticated users to bypass the product block action via a command-line utility...
CVE-2017-3948
Cross Site Scripting XSS in IMG Tags in the ePO extension in McAfee Data Loss Prevention Endpoint DLP Endpoint 10.0.x allows authenticated users to inject arbitrary web script or HTML via injecting malicious JavaScript into a user's browsing session...