CVE-2021-31832: Cross site scripting vulnerability in DLP Endpoint for Windows
First published: Wed Jun 09 2021(Updated: )
Improper Neutralization of Input in the ePO administrator extension for McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a remote ePO DLP administrator to inject JavaScript code into the alert configuration text field. This JavaScript will be executed when an end user triggers a DLP policy on their machine.
Credit: psirt@mcafee.com trellixpsirt@trellix.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mcafee Data Loss Prevention | <11.6.200 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2021-31832?
CVE-2021-31832 is a vulnerability in the ePO administrator extension for McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200.
What is the severity of CVE-2021-31832?
CVE-2021-31832 has a severity of medium (4.8 out of 10).
How does CVE-2021-31832 affect the ePO administrator extension for McAfee Data Loss Prevention?
CVE-2021-31832 allows a remote ePO DLP administrator to inject JavaScript code into the alert configuration text field, which will be executed when an end user accesses the affected system.
What is the affected version of McAfee Data Loss Prevention?
McAfee Data Loss Prevention versions prior to 11.6.200 are affected by CVE-2021-31832.
How can I fix CVE-2021-31832?
To fix CVE-2021-31832, it is recommended to upgrade to McAfee Data Loss Prevention Endpoint version 11.6.200 or later.
- collector/nvd-index
- collector/nvd-api
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/title
- agent/weakness
- agent/severity
- agent/references
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- agent/source
- vendor/mcafee
- canonical/mcafee data loss prevention