CVE-2020-7300

MEDIUM

Mcafee Data Loss Prevention < 11.3.28 - Incorrect Authorization

Title source: rule

Description

Improper Authorization vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote attackers to change the configuration when logged in with view only privileges via carefully constructed HTTP post messages.

References (1)

[Vendor Advisory] https://kc.mcafee.com/corporate/index?page=content&id=SB10326

Scores

CVSS v3 4.6

EPSS 0.0012

EPSS Percentile 31.5%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

Classification

CWE

CWE-863

Status published

Affected Products (1)

mcafee/data_loss_prevention < 11.3.28

Timeline

Published Aug 12, 2020

Tracked Since Feb 18, 2026