CVE-2022-2330
published 2022-08-30

Priority: P3 38
Severity: medium, 6.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.76% (50.8th percentile)

Improper Restriction of XML External Entity Reference vulnerability in DLP Endpoint for Windows prior to 11.9.100 allows a remote attacker to cause the DLP Agent to access a local service that the attacker wouldn't usually have access to via a carefully constructed XML file, which the DLP Agent doesn't parse correctly.

Affected

3 ranges

Vendor    Product                          Version range               Fixed in
mcafee    data_loss_prevention_endpoint    < 11.6.600.212              11.6.600.212
mcafee    data_loss_prevention_endpoint    >= 11.9.0 < 11.9.100        11.9.100
trellix   dlp_endpoint_for_windows         >= unspecified < 11.9.100   11.9.100