CVE-2020-7302 is a vulnerability in McAfee Data Loss Prevention
Published on August 13, 2020

DLP ePO extension - Unrestricted Upload of File with Dangerous Type
Unrestricted Upload of File with Dangerous Type in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to upload malicious files to the DLP case management section via lack of sanity checking.

NVD

Vulnerability Analysis

Attack Vector:

ADJACENT_NETWORK

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

NONE

Scope:

CHANGED

Confidentiality Impact:

NONE

Integrity Impact:

LOW

Availability Impact:

LOW

Weakness Type

What is an Unrestricted File Upload Vulnerability?

The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.

CVE-2020-7302 has been classified to as an Unrestricted File Upload vulnerability or weakness.

Products Associated with CVE-2020-7302

Want to know whenever a new CVE is published for McAfee Data Loss Prevention? stack.watch will email you.

McAfee Data Loss Prevention

Affected Versions

McAfee DLP ePO extension:

Version 11.3 and below 11.3.28 is affected.
Version 11.4 and below 11.4.200 is affected.
Version 11.5 and below 11.5.3 is affected.

Exploit Probability

EPSS

0.59%

Percentile

68.80%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.