CVE-2020-7328

External entity attack vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers to gain control of a resource or trigger arbitrary code execution via improper input validation of an HTTP request, where the content for the attack has been loaded into ePO by an ePO administrator.
References
Link Resource
https://kc.mcafee.com/corporate/index?page=content&id=SB10334 Broken Link Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:mcafee:mvision_endpoint:*:*:*:*:*:*:*:*

History

16 Nov 2023, 14:12

Type Values Removed Values Added
CWE CWE-918
References () https://kc.mcafee.com/corporate/index?page=content&id=SB10334 - () https://kc.mcafee.com/corporate/index?page=content&id=SB10334 - Broken Link, Vendor Advisory

07 Nov 2023, 03:26

Type Values Removed Values Added
CWE CWE-918
References (CONFIRM) https://kc.mcafee.com/corporate/index?page=content&id=SB10334 - Vendor Advisory () https://kc.mcafee.com/corporate/index?page=content&id=SB10334 -

Information

Published : 2020-11-11 09:15

Updated : 2024-02-28 18:08


NVD link : CVE-2020-7328

Mitre link : CVE-2020-7328

CVE.ORG link : CVE-2020-7328


JSON object : View

Products Affected

mcafee

  • mvision_endpoint
CWE
CWE-918

Server-Side Request Forgery (SSRF)