Publish CVE-2020-7332.json

SB is live
2025-08-04 08:44:25 +00:00 · 2020-11-12 15:12:35 +05:30 · 2020-11-12 15:12:35 +05:30 · a31a9db699
commit a31a9db699
parent 8bcf5a3ff2
1 changed files with 77 additions and 7 deletions
--- a/2020/7xxx/CVE-2020-7332.json
+++ b/2020/7xxx/CVE-2020-7332.json
@ -1,18 +1,88 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
+        "ASSIGNER": "psirt@mcafee.com",
+        "DATE_PUBLIC": "2020-11-11T00:00:00.000Z",
        "ID": "CVE-2020-7332",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "Cross-Site Request Forgery (CSRF) in firewall ePO extension of McAfee Endpoint Security (ENS)"
    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Endpoint Security for Windows",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "<=",
+                                            "version_name": "10.7.x",
+                                            "version_value": "10.7.0 September 2020 Update"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "Mcafee, LLC"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "Cross Site Request Forgery vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows an attacker to execute arbitrary HTML code due to incorrect security configuration."
            }
        ]
+    },
+    "generator": {
+        "engine": "Vulnogram 0.0.9"
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "LOW",
+            "attackVector": "ADJACENT_NETWORK",
+            "availabilityImpact": "LOW",
+            "baseScore": 7,
+            "baseSeverity": "HIGH",
+            "confidentialityImpact": "HIGH",
+            "integrityImpact": "HIGH",
+            "privilegesRequired": "LOW",
+            "scope": "UNCHANGED",
+            "userInteraction": "REQUIRED",
+            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
+            "version": "3.1"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10335",
+                "refsource": "CONFIRM",
+                "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10335"
+            }
+        ]
+    },
+    "source": {
+        "discovery": "INTERNAL"
    }
-}
+}