admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2020/CVE-2020-73xx/CVE-2020-7300.json
cad-safe-bot db95377d9f Auto-Update: 2024-04-04T08:42:25.815847+00:00
2024-04-04 08:46:00 +00:00

147 lines
4.6 KiB
JSON
Raw Blame History

{
"id": "CVE-2020-7300",
"sourceIdentifier": "trellixpsirt@trellix.com",
"published": "2020-08-12T22:15:12.813",
"lastModified": "2023-11-07T03:25:55.793",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Improper Authorization vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote attackers to change the configuration when logged in with view only privileges via carefully constructed HTTP post messages."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Autorizaci\u00f3n Inapropiada en la extensi\u00f3n ePO de McAfee Data Loss Prevention (DLP) versiones anteriores a 11.5.3, permite a atacantes remotos autenticados cambiar la configuraci\u00f3n cuando inician sesi\u00f3n con privilegios de solo visualizaci\u00f3n por medio de mensajes post HTTP cuidadosamente construidos"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
},
{
"source": "trellixpsirt@trellix.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
},
{
"source": "trellixpsirt@trellix.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mcafee:data_loss_prevention:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.3.0",
"versionEndExcluding": "11.3.28",
"matchCriteriaId": "5549CA0D-E484-41B3-9FBF-5A9E48DB3668"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mcafee:data_loss_prevention:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.4.0",
"versionEndExcluding": "11.4.200",
"matchCriteriaId": "C387BBB4-FD6A-40EB-B02A-297E45291EF1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mcafee:data_loss_prevention:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.5.0",
"versionEndExcluding": "11.5.3",
"matchCriteriaId": "D292F8EF-8232-4803-A465-18C6CCBB6DEB"
}
]
}
]
}
],
"references": [
{
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10326",
"source": "trellixpsirt@trellix.com"
}
]
}
Reference in New Issue View Git Blame Copy Permalink