CVE-2020-7304

HIGH

Mcafee Data Loss Prevention < 11.3.28 - CSRF

Title source: rule

Description

Cross site request forgery vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote attacker to embed a CRSF script via adding a new label.

References (1)

Scores

CVSS v3 7.6
EPSS 0.0009
EPSS Percentile 25.2%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

Classification

CWE
CWE-352
Status published

Affected Products (1)

mcafee/data_loss_prevention < 11.3.28

Timeline

Published Aug 13, 2020
Tracked Since Feb 18, 2026