CVE-2020-7300 is a vulnerability in McAfee Data Loss Prevention
Published on August 12, 2020

DLP ePO extension - Improper Authorization
Improper Authorization vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote attackers to change the configuration when logged in with view only privileges via carefully constructed HTTP post messages.

NVD

Vulnerability Analysis

Attack Vector:

ADJACENT_NETWORK

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

LOW

Integrity Impact:

NONE

Availability Impact:

LOW

Weakness Type

What is an AuthZ Vulnerability?

The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

CVE-2020-7300 has been classified to as an AuthZ vulnerability or weakness.

Products Associated with CVE-2020-7300

Want to know whenever a new CVE is published for McAfee Data Loss Prevention? stack.watch will email you.

McAfee Data Loss Prevention

Affected Versions

McAfee DLP ePO extension:

Version 11.3 and below 11.3.28 is affected.
Version 11.4 and below 11.4.200 is affected.
Version 11.5 and below 11.5.3 is affected.

Exploit Probability

EPSS

0.12%

Percentile

31.45%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.