CVE-2020-7302

MEDIUM

Mcafee Data Loss Prevention < 11.3.28 - Unrestricted File Upload

Title source: rule

Description

Unrestricted Upload of File with Dangerous Type in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to upload malicious files to the DLP case management section via lack of sanity checking.

References (1)

[Vendor Advisory] https://kc.mcafee.com/corporate/index?page=content&id=SB10326

Scores

CVSS v3 5.4

EPSS 0.0059

EPSS Percentile 68.8%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L

Classification

CWE

CWE-434

Status published

Affected Products (1)

mcafee/data_loss_prevention < 11.3.28

Timeline

Published Aug 13, 2020

Tracked Since Feb 18, 2026