CVE-2020-7307

EPSS 0.04%
Veröffentlicht 13.08.2020 04:15:13
Zuletzt bearbeitet 21.11.2024 05:37:02
Quelle trellixpsirt@trellix.com
Teams Watchlist Login
Unerledigt Login

Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention (DLP) for Mac prior to 11.5.2 allows local users to gain access to the RiskDB username and password via unprotected log files containing plain text credentials.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mcafee ≫ Data Loss Prevention Version >= 11.3.0 < 11.3.28

Mcafee ≫ Data Loss Prevention Version >= 11.4.0 < 11.4.200

Mcafee ≫ Data Loss Prevention Version >= 11.5.0 < 11.5.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.124

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.2	2	2.7	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N
trellixpsirt@trellix.com	5.2	2	2.7	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CWE-522 Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

https://kc.mcafee.com/corporate/index?page=content&id=SB10326

https://nvd.nist.gov/vuln/detail/CVE-2020-7307

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-7307

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-7307

EUVD