From 179a8ff6eeff33129b5be1c0373d6993c75ac2c7 Mon Sep 17 00:00:00 2001 From: zli Date: Wed, 12 Aug 2020 17:07:57 -0500 Subject: [PATCH] Publish CVE-2020-7301 --- 2020/7xxx/CVE-2020-7301.json | 93 +++++++++++++++++++++++++++++++++--- 1 file changed, 86 insertions(+), 7 deletions(-) diff --git a/2020/7xxx/CVE-2020-7301.json b/2020/7xxx/CVE-2020-7301.json index 7aad6d012df..2f45fd00287 100644 --- a/2020/7xxx/CVE-2020-7301.json +++ b/2020/7xxx/CVE-2020-7301.json @@ -1,18 +1,97 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@mcafee.com", "ID": "CVE-2020-7301", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "DLP ePO extension - Cross site scripting" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "DLP ePO extension", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "11.3", + "version_value": "11.3.28" + }, + { + "version_affected": "<", + "version_name": "11.4", + "version_value": "11.4.200" + }, + { + "version_affected": "<", + "version_name": "11.5", + "version_value": "11.5.3" + } + ] + } + } + ] + }, + "vendor_name": "McAfee" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to trigger alerts via the file upload tab in the DLP case management section." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10326" + } + ] + }, + "source": { + "advisory": "SB10326", + "discovery": "EXTERNAL" } -} \ No newline at end of file +}