CVE-2020-7304

Summary

Cross site request forgery vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote attacker to embed a CRSF script via adding a new label.

Affected Software

VendorProductVersion RangeStatus
McAfeeDLP ePO extension11.3 < 11.3.28affected
McAfeeDLP ePO extension11.4 < 11.4.200affected
McAfeeDLP ePO extension11.5 < 11.5.3affected

Weaknesses

  • CWE-352: CWE-352 Cross-Site Request Forgery (CSRF)

ADP Enrichment

CVE Program Container

Additional References

References