12 matches found
CVE-2021-31832
CVE-2021-31832 affects McAfee Data Loss Prevention Endpoint (DLP) for Windows prior to version 11.6.200, due to improper neutralization of input in the ePO administrator extension’s alert configuration text field. The vulnerability allows a remote ePO DLP administrator to inject JavaScript into t...
CVE-2020-7306
The CVE-2020-7306 vulnerability affects McAfee Data Loss Prevention (DLP) for Mac prior to 11.5.2. It describes an Unprotected Storage of Credentials issue where ADRMS (and related) usernames and passwords can be read by local users from unprotected log files containing plaintext credentials. Exp...
CVE-2020-7307
CVE-2020-7307 affects McAfee Data Loss Prevention (DLP) for Mac/V11.x in which credentials are stored in unprotected log files. The root cause is Unprotected Storage of Credentials allowing local users to access RiskDB credentials (username/password) prior to version 11.5.2. Public references in ...
CVE-2020-7346
Summary of CVE-2020-7346 (McAfee DLP for Windows) : A local privilege-escalation vulnerability in McAfee Data Loss Prevention (DLP) for Windows prior to 11.6.100 allows a low-privileged attacker to load DLLs of their choosing by abusing junctions, requiring creation/removal of junctions and timin...
CVE-2021-4088
CVE-2021-4088 describes a SQL injection in McAfee Data Loss Prevention (DLP) ePO extension. The vulnerability affects DLP ePO extension versions 11.6.401 and 11.7.x up to 11.7.100, and 11.8.x prior to 11.8.100, allowing a remote authenticated attacker to inject unfiltered SQL into the DLP portion...
CVE-2019-3640
CVE-2019-3640 affects McAfee Data Loss Prevention Endpoint’s ePO extension (11.x) prior to 11.4.0. The root cause is the unprotected/unencrypted transmission of credentials during LDAP connectivity testing, enabling remote attackers with network access to capture LDAP login details. Impact is cre...
CVE-2020-7302
CVE-2020-7302 describes an issue in the McAfee Data Loss Prevention (DLP) ePO extension for McAfee ePolicy Orchestrator. The vulnerability is an Unrestricted Upload of a File with a Dangerous Type in the DLP ePO extension prior to version 11.5.3, caused by lack of sanity checking. The impact, as ...
CVE-2020-7301
CVE-2020-7301 concerns the McAfee Data Loss Prevention (DLP) ePO extension prior to version 11.5.3. The vulnerability is a Cross Site Scripting (XSS) flaw within the DLP case management file-upload tab, exploited by authenticated users to trigger alerts. The provided documents confirm the affecte...
CVE-2020-7304
CVE-2020-7304 affects McAfee Data Loss Prevention (DLP) ePO extension prior to version 11.5.3. The Red Hat and CVE records describe a cross-site request forgery (CSRF) vulnerability that can be exploited by an authenticated remote attacker to embed a CSRF script by adding a new label. The vulnera...
CVE-2020-7300
CVE-2020-7300 affects McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3. An improper authorization flaw lets authenticated users with view-only privileges remotely alter configuration via carefully crafted HTTP POST messages. Impact is limited to configuration changes; exploitation ...
CVE-2020-7303
CVE-2020-7303 is a cross-site scripting vulnerability in McAfee Data Loss Prevention (DLP) ePO extension, exploitable pre-11.5.3. An authenticated remote user can trigger client-side scripts in another user's browser by adding a new label, leading to potential cookie/session data exposure or UI s...
CVE-2020-7305
CVE-2020-7305 affects McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3. The vulnerability is a privilege-escalation flaw where a low-privileged remote attacker can create new rule sets due to incorrect validation of user credentials. The description and Red Hat advisory corroborate...