Vulnerabilities > Mcafee > Data Loss Prevention

DATE CVE VULNERABILITY TITLE RISK
2022-01-24 CVE-2021-4088 SQL Injection vulnerability in Mcafee Data Loss Prevention 11.6.401
SQL injection vulnerability in Data Loss Protection (DLP) ePO extension 11.8.x prior to 11.8.100, 11.7.x prior to 11.7.101, and 11.6.401 allows a remote authenticated attacker to inject unfiltered SQL into the DLP part of the ePO database.
network
low complexity
mcafee CWE-89
7.2
2021-06-09 CVE-2021-31832 Cross-site Scripting vulnerability in Mcafee Data Loss Prevention
Improper Neutralization of Input in the ePO administrator extension for McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a remote ePO DLP administrator to inject JavaScript code into the alert configuration text field.
network
low complexity
mcafee CWE-79
4.8
2021-03-23 CVE-2020-7346 Link Following vulnerability in Mcafee Data Loss Prevention
Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) for Windows prior to 11.6.100 allows a local, low privileged, attacker through the use of junctions to cause the product to load DLLs of the attacker's choosing.
local
low complexity
mcafee CWE-59
7.8
2020-08-13 CVE-2020-7307 Insufficiently Protected Credentials vulnerability in Mcafee Data Loss Prevention
Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention (DLP) for Mac prior to 11.5.2 allows local users to gain access to the RiskDB username and password via unprotected log files containing plain text credentials.
local
low complexity
mcafee CWE-522
5.2
2020-08-13 CVE-2020-7306 Insufficiently Protected Credentials vulnerability in Mcafee Data Loss Prevention
Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention (DLP) for Mac prior to 11.5.2 allows local users to gain access to the ADRMS username and password via unprotected log files containing plain text
local
low complexity
mcafee CWE-522
5.2
2020-08-13 CVE-2020-7305 Improper Privilege Management vulnerability in Mcafee Data Loss Prevention
Privilege escalation vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows a low privileged remote attacker to create new rule sets via incorrect validation of user credentials.
network
low complexity
mcafee CWE-269
6.5
2020-08-13 CVE-2020-7304 Cross-Site Request Forgery (CSRF) vulnerability in Mcafee Data Loss Prevention
Cross site request forgery vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote attacker to embed a CRSF script via adding a new label.
low complexity
mcafee CWE-352
7.6
2020-08-13 CVE-2020-7303 Cross-site Scripting vulnerability in Mcafee Data Loss Prevention
Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote user to trigger scripts to run in a user's browser via adding a new label.
low complexity
mcafee CWE-79
4.1
2020-08-13 CVE-2020-7302 Unrestricted Upload of File with Dangerous Type vulnerability in Mcafee Data Loss Prevention
Unrestricted Upload of File with Dangerous Type in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to upload malicious files to the DLP case management section via lack of sanity checking.
network
low complexity
mcafee CWE-434
6.4
2020-08-12 CVE-2020-7301 Cross-site Scripting vulnerability in Mcafee Data Loss Prevention
Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to trigger alerts via the file upload tab in the DLP case management section.
network
low complexity
mcafee CWE-79
4.6