Vulnerability Details : CVE-2020-7302
Unrestricted Upload of File with Dangerous Type in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to upload malicious files to the DLP case management section via lack of sanity checking.
Products affected by CVE-2020-7302
- cpe:2.3:a:mcafee:data_loss_prevention:*:*:*:*:*:*:*:*
- cpe:2.3:a:mcafee:data_loss_prevention:*:*:*:*:*:*:*:*
- cpe:2.3:a:mcafee:data_loss_prevention:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-7302
0.07%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 28 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-7302
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.5
|
MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:P |
8.0
|
4.9
|
NIST | |
6.4
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L |
3.1
|
2.7
|
NIST | |
5.4
|
MEDIUM | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L |
2.3
|
2.7
|
McAfee (DEFUNCT) |
CWE ids for CVE-2020-7302
-
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.Assigned by:
- nvd@nist.gov (Primary)
- psirt@mcafee.com (Secondary)
References for CVE-2020-7302
-
https://kc.mcafee.com/corporate/index?page=content&id=SB10326
McAfee Security Bulletin - Data Loss Prevention for Mac agent and Data Loss Prevention ePO extension address eight vulnerabilities (CVE-2020-7300, CVE-2020-7301, CVE-2020-7302, CVE-2020-7303, CVE-2020Vendor Advisory
Jump to