cvelist/2020/7xxx/CVE-2020-7300.json

{
    "CVE_data_meta": {
        "ASSIGNER": "psirt@mcafee.com",
        "ID": "CVE-2020-7300",
        "STATE": "PUBLIC",
        "TITLE": "DLP ePO extension - Improper Authorization"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "DLP ePO extension",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<",
                                            "version_name": "11.3",
                                            "version_value": "11.3.28"
                                        },
                                        {
                                            "version_affected": "<",
                                            "version_name": "11.4",
                                            "version_value": "11.4.200"
                                        },
                                        {
                                            "version_affected": "<",
                                            "version_name": "11.5",
                                            "version_value": "11.5.3"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "McAfee"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "Improper Authorization vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote attackers to change the configuration when logged in with view only privileges via carefully constructed HTTP post messages."
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.0.9"
    },
    "impact": {
        "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.1"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-863: Incorrect Authorization"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "refsource": "MISC",
                "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10326",
                "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10326"
            }
        ]
    },
    "source": {
        "advisory": "SB10326",
        "discovery": "EXTERNAL"
    }
}
"-Synchronized-Data." 2020-01-21 14:01:28 +00:00			`{`
			`"CVE_data_meta": {`
Publish CVE-2020-7300 2020-08-12 17:02:47 -05:00			`"ASSIGNER": "psirt@mcafee.com",`
"-Synchronized-Data." 2020-01-21 14:01:28 +00:00			`"ID": "CVE-2020-7300",`
Publish CVE-2020-7300 2020-08-12 17:02:47 -05:00			`"STATE": "PUBLIC",`
			`"TITLE": "DLP ePO extension - Improper Authorization"`
"-Synchronized-Data." 2020-01-21 14:01:28 +00:00			`},`
Publish CVE-2020-7300 2020-08-12 17:02:47 -05:00			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "DLP ePO extension",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "<",`
			`"version_name": "11.3",`
			`"version_value": "11.3.28"`
			`},`
			`{`
			`"version_affected": "<",`
			`"version_name": "11.4",`
			`"version_value": "11.4.200"`
			`},`
			`{`
			`"version_affected": "<",`
			`"version_name": "11.5",`
			`"version_value": "11.5.3"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "McAfee"`
			`}`
			`]`
			`}`
			`},`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
"-Synchronized-Data." 2020-01-21 14:01:28 +00:00			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
Publish CVE-2020-7300 2020-08-12 17:02:47 -05:00			`"value": "Improper Authorization vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote attackers to change the configuration when logged in with view only privileges via carefully constructed HTTP post messages."`
			`}`
			`]`
			`},`
			`"generator": {`
			`"engine": "Vulnogram 0.0.9"`
			`},`
			`"impact": {`
			`"cvss": {`
			`"attackComplexity": "LOW",`
			`"attackVector": "ADJACENT_NETWORK",`
			`"availabilityImpact": "LOW",`
			`"baseScore": 4.6,`
			`"baseSeverity": "MEDIUM",`
			`"confidentialityImpact": "LOW",`
			`"integrityImpact": "NONE",`
			`"privilegesRequired": "LOW",`
			`"scope": "UNCHANGED",`
			`"userInteraction": "NONE",`
			`"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",`
			`"version": "3.1"`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
Update CVE-2020-7300.json 2020-10-19 10:25:34 +01:00			`"value": "CWE-863: Incorrect Authorization"`
Publish CVE-2020-7300 2020-08-12 17:02:47 -05:00			`}`
			`]`
"-Synchronized-Data." 2020-01-21 14:01:28 +00:00			`}`
			`]`
Publish CVE-2020-7300 2020-08-12 17:02:47 -05:00			`},`
			`"references": {`
			`"reference_data": [`
			`{`
"-Synchronized-Data." 2020-08-12 23:01:47 +00:00			`"refsource": "MISC",`
			`"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10326",`
			`"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10326"`
Publish CVE-2020-7300 2020-08-12 17:02:47 -05:00			`}`
			`]`
			`},`
			`"source": {`
			`"advisory": "SB10326",`
			`"discovery": "EXTERNAL"`
"-Synchronized-Data." 2020-01-21 14:01:28 +00:00			`}`
Update CVE-2020-7300.json 2020-10-19 10:25:34 +01:00			`}`