VYPR

Data Loss Prevention (DLP) ePO extension

by McAfee

CVEs (9)

  • CVE-2021-4088Jan 24, 2022
    risk 0.00cvss epss 0.02

    SQL injection vulnerability in Data Loss Protection (DLP) ePO extension 11.8.x prior to 11.8.100, 11.7.x prior to 11.7.101, and 11.6.401 allows a remote authenticated attacker to inject unfiltered SQL into the DLP part of the ePO database. This could lead to remote code…

  • CVE-2021-31848Nov 1, 2021
    risk 0.00cvss epss 0.01

    Cross site scripting (XSS) vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker to highjack an active DLP ePO administrator session by convincing the logged in administrator to click on a carefully crafted link in the case…

  • CVE-2021-31849Nov 1, 2021
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker logged into ePO as an administrator to inject arbitrary SQL into the ePO database through the user management section of the DLP ePO extension.

  • CVE-2020-7305Aug 13, 2020
    risk 0.00cvss epss 0.01

    Privilege escalation vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows a low privileged remote attacker to create new rule sets via incorrect validation of user credentials.

  • CVE-2020-7304Aug 13, 2020
    risk 0.00cvss epss 0.00

    Cross site request forgery vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote attacker to embed a CRSF script via adding a new label.

  • CVE-2020-7303Aug 13, 2020
    risk 0.00cvss epss 0.00

    Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote user to trigger scripts to run in a user's browser via adding a new label.

  • CVE-2020-7302Aug 13, 2020
    risk 0.00cvss epss 0.01

    Unrestricted Upload of File with Dangerous Type in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to upload malicious files to the DLP case management section via lack of sanity checking.

  • CVE-2020-7301Aug 12, 2020
    risk 0.00cvss epss 0.01

    Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to trigger alerts via the file upload tab in the DLP case management section.

  • CVE-2020-7300Aug 12, 2020
    risk 0.00cvss epss 0.01

    Improper Authorization vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote attackers to change the configuration when logged in with view only privileges via carefully constructed HTTP post messages.