Description
Files or Directories Accessible to External Parties in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows authenticated user to redirect DLPe log files to arbitrary locations via incorrect access control applied to the DLPe log folder allowing privileged users to create symbolic links.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10290
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/109370
Scores
CVSS v3
8.2
EPSS
0.0008
EPSS Percentile
24.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-552
Status
published
Products (1)
mcafee/data_loss_prevention_endpoint
11.0 - 11.1.200
Published
Jul 24, 2019
Tracked Since
Feb 18, 2026