CVE-2020-7307

MEDIUM

Mcafee Data Loss Prevention - Insufficiently Protected Credentials

Title source: rule

Description

Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention (DLP) for Mac prior to 11.5.2 allows local users to gain access to the RiskDB username and password via unprotected log files containing plain text credentials.

References (1)

[Vendor Advisory] https://kc.mcafee.com/corporate/index?page=content&id=SB10326

Scores

CVSS v3 5.2

EPSS 0.0004

EPSS Percentile 13.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Classification

CWE

CWE-522

Status published

Affected Products (1)

mcafee/data_loss_prevention < 11.3.28

Timeline

Published Aug 13, 2020

Tracked Since Feb 18, 2026