CVE-2020-7302
MEDIUMMcafee Data Loss Prevention < 11.3.28 - Unrestricted File Upload
Title source: ruleDescription
Unrestricted Upload of File with Dangerous Type in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to upload malicious files to the DLP case management section via lack of sanity checking.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://kc.mcafee.com/corporate/index?page=content&id=SB10326
Scores
CVSS v3
5.4
EPSS
0.0059
EPSS Percentile
69.2%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
Details
CWE
CWE-434
Status
published
Products (1)
mcafee/data_loss_prevention
11.3.0 - 11.3.28
Published
Aug 13, 2020
Tracked Since
Feb 18, 2026