CVE-2020-7302

EPSS 0.59%
Veröffentlicht 13.08.2020 03:15:14
Zuletzt bearbeitet 21.11.2024 05:37:01
Quelle trellixpsirt@trellix.com
CVE-Watchlists
Login
Unerledigt
Login

Unrestricted Upload of File with Dangerous Type in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to upload malicious files to the DLP case management section via lack of sanity checking.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mcafee ≫ Data Loss Prevention Version >= 11.3.0 < 11.3.28

Mcafee ≫ Data Loss Prevention Version >= 11.4.0 < 11.4.200

Mcafee ≫ Data Loss Prevention Version >= 11.5.0 < 11.5.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.59%	0.666

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.4	3.1	2.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
nvd@nist.gov	5.5	8	4.9	AV:N/AC:L/Au:S/C:N/I:P/A:P
trellixpsirt@trellix.com	5.4	2.3	2.7	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://kc.mcafee.com/corporate/index?page=content&id=SB10326

https://nvd.nist.gov/vuln/detail/CVE-2020-7302

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-7302

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-7302

EUVD