← back
CVE-2020-7300

DLP ePO extension - Improper Authorization

CVSS 4.6 MEDIUMEPSS 0.6%CWE-863
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.6EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
12 Aug 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Improper Authorization vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote attackers to change the configuration when logged in with view only privileges via carefully constructed HTTP post messages.
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
Affected products
McAfee · DLP ePO extension

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://kc.mcafee.com/corporate/index?page=content&id=SB10326