CVE-2021-31848

Published: Nov 1, 2021Modified: Nov 21, 2024

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

Cross site scripting (XSS) vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker to highjack an active DLP ePO administrator session by convincing the logged in administrator to click on a carefully crafted link in the case management part of the DLP ePO extension.

Affected (2)

Products: Mcafee: Data Loss Prevention Endpoint

1 product

Data Loss Prevention Endpoint

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Mcafee Data Loss Prevention Endpoint	From 11.6.0 to 11.6.400
Mcafee Data Loss Prevention Endpoint	From 11.7.0 to 11.7.100

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://kc.mcafee.com/corporate/index?page=content&id=SB10371

Source: trellixpsirt@trellix.com

Broken LinkVendor Advisory

https://kc.mcafee.com/corporate/index?page=content&id=SB10371

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkVendor Advisory

Timeline

No history available yet.