From 308f1b53b75ef09e77416f52b7013dd999ccd572 Mon Sep 17 00:00:00 2001 From: sbhatiMcafee <52496610+sbhatiMcafee@users.noreply.github.com> Date: Wed, 24 Jul 2019 17:40:11 +0530 Subject: [PATCH] Publish 2019-3591 SB is already live --- 2019/3xxx/CVE-2019-3591.json | 77 ++++++++++++++++++++++++++++++++++-- 1 file changed, 73 insertions(+), 4 deletions(-) diff --git a/2019/3xxx/CVE-2019-3591.json b/2019/3xxx/CVE-2019-3591.json index 7c757ed4efd..2d5dd01b11a 100644 --- a/2019/3xxx/CVE-2019-3591.json +++ b/2019/3xxx/CVE-2019-3591.json @@ -1,8 +1,34 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@mcafee.com", "ID": "CVE-2019-3591", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "DLP Endpoint ePO extension vulnerable to XSS " + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Data Loss Prevention ePO extension", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "11.x", + "version_value": "11.3.0" + } + ] + } + } + ] + }, + "vendor_name": "McAfee, LLC" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +37,51 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in ePO extension in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows unauthenticated remote user to trigger specially crafted JavaScript to render in the ePO UI via a carefully crafted upload to a remote website which is correctly blocked by DLPe Web Protection. This would then render as an XSS when the DLP Admin viewed the event in the ePO UI." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.7" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 3.9, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10289", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10289" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } -} \ No newline at end of file +}