Vulnerabilities > Mcafee > Data Loss Prevention Endpoint > High

DATE CVE VULNERABILITY TITLE RISK
2021-11-01 CVE-2021-31849 SQL Injection vulnerability in Mcafee Data Loss Prevention Endpoint 11.6.0/11.6.100.41
SQL injection vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker logged into ePO as an administrator to inject arbitrary SQL into the ePO database through the user management section of the DLP ePO extension.
network
low complexity
mcafee CWE-89
7.2
2021-09-17 CVE-2021-31844 Classic Buffer Overflow vulnerability in Mcafee Data Loss Prevention Endpoint
A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a local attacker to execute arbitrary code with elevated privileges through placing carefully constructed Ami Pro (.sam) files onto the local system and triggering a DLP Endpoint scan through accessing a file.
local
low complexity
mcafee CWE-120
7.3
2021-04-15 CVE-2021-23887 Unspecified vulnerability in Mcafee Data Loss Prevention Endpoint
Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.100 allows a local, low privileged, attacker to write to arbitrary controlled kernel addresses.
local
low complexity
mcafee
7.8
2019-07-24 CVE-2019-3622 Files or Directories Accessible to External Parties vulnerability in Mcafee Data Loss Prevention Endpoint
Files or Directories Accessible to External Parties in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows authenticated user to redirect DLPe log files to arbitrary locations via incorrect access control applied to the DLPe log folder allowing privileged users to create symbolic links.
local
low complexity
mcafee CWE-552
8.2
2018-10-03 CVE-2018-6689 Improper Authentication vulnerability in Mcafee Data Loss Prevention Endpoint
Authentication Bypass vulnerability in McAfee Data Loss Prevention Endpoint (DLPe) 10.0.x earlier than 10.0.510, and 11.0.x earlier than 11.0.600 allows attackers to bypass local security protection via specific conditions.
local
low complexity
mcafee CWE-287
7.8
2018-07-23 CVE-2018-6683 Incorrect Default Permissions vulnerability in Mcafee Data Loss Prevention Endpoint
Exploiting Incorrectly Configured Access Control Security Levels vulnerability in McAfee Data Loss Prevention (DLP) for Windows versions prior to 10.0.505 and 11.0.405 allows local users to bypass DLP policy via editing of local policy files when offline.
low complexity
mcafee CWE-276
7.4
2018-05-25 CVE-2018-6664 Improper Verification of Cryptographic Signature vulnerability in Mcafee Data Loss Prevention Endpoint
Application Protections Bypass vulnerability in Microsoft Windows in McAfee Data Loss Prevention (DLP) Endpoint before 10.0.500 and DLP Endpoint before 11.0.400 allows authenticated users to bypass the product block action via a command-line utility.
network
low complexity
mcafee CWE-347
8.8
2017-03-14 CVE-2016-8012 Permissions, Privileges, and Access Controls vulnerability in Mcafee Data Loss Prevention Endpoint
Access control vulnerability in Intel Security Data Loss Prevention Endpoint (DLPe) 9.4.200 and 9.3.600 allows authenticated users with Read-Write-Execute permissions to inject hook DLLs into other processes via pages in the target process memory get.
local
low complexity
mcafee CWE-264
7.8