CVE-2020-7301: DLP ePO extension - Cross site scripting
First published: Wed Aug 12 2020(Updated: )
Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to trigger alerts via the file upload tab in the DLP case management section.
Credit: psirt@mcafee.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mcafee Data Loss Prevention | >=11.3.0<11.3.28 | |
| Mcafee Data Loss Prevention | >=11.4.0<11.4.200 | |
| Mcafee Data Loss Prevention | >=11.5.0<11.5.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2020-7301?
CVE-2020-7301 is a Cross-Site Scripting (XSS) vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to version 11.5.3.
How does CVE-2020-7301 affect McAfee Data Loss Prevention (DLP)?
CVE-2020-7301 allows authenticated attackers to trigger alerts via the file upload tab in the DLP case management section.
What software versions are affected by CVE-2020-7301?
CVE-2020-7301 affects McAfee Data Loss Prevention (DLP) versions 11.3.0 to 11.3.28, 11.4.0 to 11.4.200, and 11.5.0 to 11.5.3.
What is the severity of CVE-2020-7301?
CVE-2020-7301 has a severity rating of 4.6 (Medium).
How can CVE-2020-7301 be fixed?
To fix CVE-2020-7301, it is recommended to upgrade McAfee Data Loss Prevention (DLP) ePO extension to version 11.5.3 or later.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/title
- agent/severity
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/mcafee
- canonical/mcafee data loss prevention
- version/mcafee data loss prevention/11.3.0
- version/mcafee data loss prevention/11.4.0
- version/mcafee data loss prevention/11.5.0