CVE-2020-7305

MEDIUM

Mcafee Data Loss Prevention < 11.3.28 - Improper Privilege Management

Title source: rule

Description

Privilege escalation vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows a low privileged remote attacker to create new rule sets via incorrect validation of user credentials.

References (1)

[Vendor Advisory] https://kc.mcafee.com/corporate/index?page=content&id=SB10326

Scores

CVSS v3 6.7

EPSS 0.0016

EPSS Percentile 36.4%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Classification

CWE

CWE-269

Status published

Affected Products (1)

mcafee/data_loss_prevention < 11.3.28

Timeline

Published Aug 13, 2020

Tracked Since Feb 18, 2026