CVE-2019-3622

Published: Jul 24, 2019Modified: Nov 21, 2024

8.2

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Exploitability: 1.5 / Impact: 6.0

Source: NVD

Description

Files or Directories Accessible to External Parties in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows authenticated user to redirect DLPe log files to arbitrary locations via incorrect access control applied to the DLPe log folder allowing privileged users to create symbolic links.

Affected (2)

Products: Mcafee: Data Loss Prevention Endpoint

1 product

Data Loss Prevention Endpoint

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mcafee Data Loss Prevention Endpoint	From 11.0 to 11.1.200
Mcafee Data Loss Prevention Endpoint	From 11.2.000 to 11.3.0

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

References (4)

http://www.securityfocus.com/bid/109370

Source: trellixpsirt@trellix.com

https://kc.mcafee.com/corporate/index?page=content&id=SB10290

Source: trellixpsirt@trellix.com

http://www.securityfocus.com/bid/109370

Source: af854a3a-2127-422b-91ae-364da2661108

https://kc.mcafee.com/corporate/index?page=content&id=SB10290

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.