Overview
- Description
- Improper Authorization vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote attackers to change the configuration when logged in with view only privileges via carefully constructed HTTP post messages.
- Source
- trellixpsirt@trellix.com
- NVD status
- Modified
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.3
- Impact score
- 3.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4
- Impact score
- 2.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:N/I:P/A:N
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mcafee:data_loss_prevention:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5549CA0D-E484-41B3-9FBF-5A9E48DB3668",
"versionEndExcluding": "11.3.28",
"versionStartIncluding": "11.3.0"
},
{
"criteria": "cpe:2.3:a:mcafee:data_loss_prevention:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C387BBB4-FD6A-40EB-B02A-297E45291EF1",
"versionEndExcluding": "11.4.200",
"versionStartIncluding": "11.4.0"
},
{
"criteria": "cpe:2.3:a:mcafee:data_loss_prevention:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D292F8EF-8232-4803-A465-18C6CCBB6DEB",
"versionEndExcluding": "11.5.3",
"versionStartIncluding": "11.5.0"
}
],
"operator": "OR"
}
]
}
]