CVE-2021-31832 is a vulnerability in McAfee Data Loss Prevention
Published on June 9, 2021

Cross-site scripting vulnerability in DLP Endpoint for Windows
Improper Neutralization of Input in the ePO administrator extension for McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a remote ePO DLP administrator to inject JavaScript code into the alert configuration text field. This JavaScript will be executed when an end user triggers a DLP policy on their machine.

NVD

Vulnerability Analysis

Attack Vector: ADJACENT_NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: LOW
Availability Impact: NONE

Weakness Type

What is an XSS Vulnerability?

The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

CVE-2021-31832 has been classified as an XSS vulnerability or weakness.


Products Associated with CVE-2021-31832


Affected Versions

McAfee,LLC McAfee Data Loss Prevention (DLP) Endpoint for Windows:

Exploit Probability

EPSS: 0.40%
Percentile: 60.49%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.