Publish CVE-2020-7333.json

SB is live
2025-08-04 08:44:25 +00:00 · 2020-11-12 15:16:39 +05:30 · 2020-11-12 15:16:39 +05:30 · 714076200f
commit 714076200f
parent 91db83e02c
1 changed files with 77 additions and 7 deletions
--- a/2020/7xxx/CVE-2020-7333.json
+++ b/2020/7xxx/CVE-2020-7333.json
@ -1,18 +1,88 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
+        "ASSIGNER": "psirt@mcafee.com",
+        "DATE_PUBLIC": "2020-11-11T00:00:00.000Z",
        "ID": "CVE-2020-7333",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": " Cross-site Scripting (XSS) in firewall ePO extension of McAfee Endpoint Security (ENS)"
    },
-    "description": {
-        "description_data": [
+    "affects": {
+        "vendor": {
+            "vendor_data": [
                {
-                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Endpoint Security for Windows",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "<=",
+                                            "version_name": "10.7.x",
+                                            "version_value": "10.7.0 September 2020 Update"
                                        }
                                    ]
                                }
                            }
+                        ]
+                    },
+                    "vendor_name": "Mcafee, LLC"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "Cross site scripting vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows administrators to inject arbitrary web script or HTML via the configuration wizard."
+            }
+        ]
+    },
+    "generator": {
+        "engine": "Vulnogram 0.0.9"
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "LOW",
+            "attackVector": "NETWORK",
+            "availabilityImpact": "NONE",
+            "baseScore": 4.8,
+            "baseSeverity": "MEDIUM",
+            "confidentialityImpact": "LOW",
+            "integrityImpact": "LOW",
+            "privilegesRequired": "HIGH",
+            "scope": "CHANGED",
+            "userInteraction": "REQUIRED",
+            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+            "version": "3.1"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-79 Cross-site Scripting (XSS)"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10335",
+                "refsource": "CONFIRM",
+                "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10335"
+            }
+        ]
+    },
+    "source": {
+        "discovery": "INTERNAL"
+    }
+}