CVE-2020-7302

EPSS 0.59%
Published 13.08.2020 03:15:14
Last modified 21.11.2024 05:37:01
Source trellixpsirt@trellix.com
Teams watchlist Login
Open Login

Unrestricted Upload of File with Dangerous Type in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to upload malicious files to the DLP case management section via lack of sanity checking.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Mcafee ≫ Data Loss Prevention Version >= 11.3.0 < 11.3.28

Mcafee ≫ Data Loss Prevention Version >= 11.4.0 < 11.4.200

Mcafee ≫ Data Loss Prevention Version >= 11.5.0 < 11.5.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.59%	0.666

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.4	3.1	2.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
nvd@nist.gov	5.5	8	4.9	AV:N/AC:L/Au:S/C:N/I:P/A:P
trellixpsirt@trellix.com	5.4	2.3	2.7	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://kc.mcafee.com/corporate/index?page=content&id=SB10326

https://nvd.nist.gov/vuln/detail/CVE-2020-7302

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-7302

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-7302

EUVD