) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:mcafee:data_loss_prevention:11.3.0.172:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2020-7307 |
Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention (DLP) for Mac prior to 11.5.2 allows local users to gain access to the RiskDB username and password via unprotected log files containing plain text credentials. Published: August 13, 2020; 12:15:13 AM -0400 |
V4.0:(not available) V3.1: 5.2 MEDIUM V2.0: 2.1 LOW |
| CVE-2020-7306 |
Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention (DLP) for Mac prior to 11.5.2 allows local users to gain access to the ADRMS username and password via unprotected log files containing plain text Published: August 12, 2020; 11:15:14 PM -0400 |
V4.0:(not available) V3.1: 5.2 MEDIUM V2.0: 2.1 LOW |
| CVE-2020-7305 |
Privilege escalation vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows a low privileged remote attacker to create new rule sets via incorrect validation of user credentials. Published: August 12, 2020; 11:15:14 PM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
| CVE-2020-7304 |
Cross site request forgery vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote attacker to embed a CRSF script via adding a new label. Published: August 12, 2020; 11:15:14 PM -0400 |
V4.0:(not available) V3.1: 7.6 HIGH V2.0: 5.2 MEDIUM |
| CVE-2020-7303 |
Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote user to trigger scripts to run in a user's browser via adding a new label. Published: August 12, 2020; 11:15:14 PM -0400 |
V4.0:(not available) V3.1: 4.1 MEDIUM V2.0: 2.3 LOW |
| CVE-2020-7302 |
Unrestricted Upload of File with Dangerous Type in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to upload malicious files to the DLP case management section via lack of sanity checking. Published: August 12, 2020; 11:15:14 PM -0400 |
V4.0:(not available) V3.1: 6.4 MEDIUM V2.0: 5.5 MEDIUM |
| CVE-2020-7301 |
Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to trigger alerts via the file upload tab in the DLP case management section. Published: August 12, 2020; 6:15:12 PM -0400 |
V4.0:(not available) V3.1: 4.6 MEDIUM V2.0: 3.5 LOW |
| CVE-2020-7300 |
Improper Authorization vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote attackers to change the configuration when logged in with view only privileges via carefully constructed HTTP post messages. Published: August 12, 2020; 6:15:12 PM -0400 |
V4.0:(not available) V3.1: 6.3 MEDIUM V2.0: 4.0 MEDIUM |
| CVE-2019-3640 |
Unprotected Transport of Credentials in ePO extension in McAfee Data Loss Prevention 11.x prior to 11.4.0 allows remote attackers with access to the network to collect login details to the LDAP server via the ePO extension not using a secure connection when testing LDAP connectivity. Published: November 13, 2019; 7:15:11 PM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.0 MEDIUM |