CVE-2020-7300

Improper Authorization vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote attackers to change the configuration when logged in with view only privileges via carefully constructed HTTP post messages.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mcafee:data_loss_prevention:*:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:data_loss_prevention:*:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:data_loss_prevention:*:*:*:*:*:*:*:*

History

21 Nov 2024, 05:37

Type Values Removed Values Added
References () https://kc.mcafee.com/corporate/index?page=content&id=SB10326 - () https://kc.mcafee.com/corporate/index?page=content&id=SB10326 -
CVSS v2 : 4.0
v3 : 6.3
v2 : 4.0
v3 : 4.6

07 Nov 2023, 03:25

Type Values Removed Values Added
References (CONFIRM) https://kc.mcafee.com/corporate/index?page=content&id=SB10326 - Vendor Advisory () https://kc.mcafee.com/corporate/index?page=content&id=SB10326 -

Information

Published : 2020-08-12 22:15

Updated : 2024-11-21 05:37


NVD link : CVE-2020-7300

Mitre link : CVE-2020-7300

CVE.ORG link : CVE-2020-7300


JSON object : View

Products Affected

mcafee

  • data_loss_prevention
CWE
CWE-863

Incorrect Authorization