CVE-2020-7332

Summary

Cross Site Request Forgery vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows an attacker to execute arbitrary HTML code due to incorrect security configuration.

Affected Software

VendorProductVersion RangeStatus
Mcafee, LLCEndpoint Security for Windows10.7.x <= 10.7.0 September 2020 Updateaffected

Weaknesses

  • CWE-352: CWE-352 Cross-Site Request Forgery (CSRF)

ADP Enrichment

CVE Program Container

Additional References

References