CVE-2020-7300: DLP ePO extension - Improper Authorization
First published: Wed Aug 12 2020(Updated: )
Improper Authorization vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote attackers to change the configuration when logged in with view only privileges via carefully constructed HTTP post messages.
Credit: psirt@mcafee.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mcafee Data Loss Prevention | >=11.3.0<11.3.28 | |
| Mcafee Data Loss Prevention | >=11.4.0<11.4.200 | |
| Mcafee Data Loss Prevention | >=11.5.0<11.5.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2020-7300?
CVE-2020-7300 is an Improper Authorization vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3.
How does CVE-2020-7300 affect McAfee Data Loss Prevention?
CVE-2020-7300 allows authenticated remote attackers to change the configuration of McAfee Data Loss Prevention when logged in with view only privileges.
Who is affected by CVE-2020-7300?
McAfee Data Loss Prevention versions prior to 11.5.3 are affected by CVE-2020-7300.
What is the severity of CVE-2020-7300?
CVE-2020-7300 has a severity score of 6.3 (Medium).
How can I fix CVE-2020-7300?
To fix CVE-2020-7300, update McAfee Data Loss Prevention to version 11.5.3 or later.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/title
- agent/severity
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/mcafee
- canonical/mcafee data loss prevention
- version/mcafee data loss prevention/11.3.0
- version/mcafee data loss prevention/11.4.0
- version/mcafee data loss prevention/11.5.0