CVE-2020-7300

EPSS 0.12%
Published 12.08.2020 22:15:12
Last modified 21.11.2024 05:37:01
Source trellixpsirt@trellix.com
Teams watchlist Login
Open Login

Improper Authorization vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote attackers to change the configuration when logged in with view only privileges via carefully constructed HTTP post messages.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Mcafee ≫ Data Loss Prevention Version >= 11.3.0 < 11.3.28

Mcafee ≫ Data Loss Prevention Version >= 11.4.0 < 11.4.200

Mcafee ≫ Data Loss Prevention Version >= 11.5.0 < 11.5.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.12%	0.323

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.3	2.8	3.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:P/A:N
trellixpsirt@trellix.com	4.6	2.1	2.5	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://kc.mcafee.com/corporate/index?page=content&id=SB10326

https://nvd.nist.gov/vuln/detail/CVE-2020-7300

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-7300

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-7300

EUVD