cvelist/2020/7xxx/CVE-2020-7322.json

{
    "CVE_data_meta": {
        "ASSIGNER": "psirt@mcafee.com",
        "DATE_PUBLIC": "2020-09-08T00:00:00.000Z",
        "ID": "CVE-2020-7322",
        "STATE": "PUBLIC",
        "TITLE": "Exposure of Sensitive Information in ENS for Windows"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Endpoint Security for Windows ",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<",
                                            "version_name": "10.7.x",
                                            "version_value": "10.7.0 September 2020 Update"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "McAfee LLC"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "Information Disclosure Vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to gain access to sensitive information via incorrectly logging of sensitive information in debug logs."
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.0.9"
    },
    "impact": {
        "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L",
            "version": "3.1"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-532: Insertion of Sensitive Information into Log File"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10327",
                "refsource": "CONFIRM",
                "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10327"
            }
        ]
    },
    "source": {
        "discovery": "INTERNAL"
    }
}