nvd-json-data-feeds/CVE-2020/CVE-2020-73xx/CVE-2020-7301.json

{
  "id": "CVE-2020-7301",
  "sourceIdentifier": "trellixpsirt@trellix.com",
  "published": "2020-08-12T22:15:12.907",
  "lastModified": "2023-11-07T03:25:56.020",
  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to trigger alerts via the file upload tab in the DLP case management section."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de tipo Cross Site scripting en la extensi\u00f3n ePO de McAfee Data Loss Prevention (DLP) versiones anteriores a 11.5.3, permite a atacantes autenticados activar alertas por medio de la pesta\u00f1a de carga de archivos en la secci\u00f3n de administraci\u00f3n de casos de DLP"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 4.6,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 2.5
      },
      {
        "source": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
          "attackVector": "ADJACENT_NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 4.1,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 1.5,
        "impactScore": 2.5
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "SINGLE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "NONE",
          "baseScore": 3.5
        },
        "baseSeverity": "LOW",
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    },
    {
      "source": "01626437-bf8f-4d1c-912a-893b5eb04808",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:mcafee:data_loss_prevention:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "11.3.0",
              "versionEndExcluding": "11.3.28",
              "matchCriteriaId": "5549CA0D-E484-41B3-9FBF-5A9E48DB3668"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:mcafee:data_loss_prevention:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "11.4.0",
              "versionEndExcluding": "11.4.200",
              "matchCriteriaId": "C387BBB4-FD6A-40EB-B02A-297E45291EF1"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:mcafee:data_loss_prevention:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "11.5.0",
              "versionEndExcluding": "11.5.3",
              "matchCriteriaId": "D292F8EF-8232-4803-A465-18C6CCBB6DEB"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10326",
      "source": "trellixpsirt@trellix.com"
    }
  ]
}