CVE-2022-2330

CWE-611XML External Entity (XXE)3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.3%
top 43.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Trellix DLP Endpoint FOR WindowsMcafee Data Loss Prevention Endpoint
Timeline
PublishedAug 30
Latest updateAug 31

Description

Improper Restriction of XML External Entity Reference vulnerability in DLP Endpoint for Windows prior to 11.9.100 allows a remote attacker to cause the DLP Agent to access a local service that the attacker wouldn't usually have access to via a carefully constructed XML file, which the DLP Agent doesn't parse correctly.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5trellix/dlp_endpoint_for_windowsunspecified11.9.100
NVDmcafee/data_loss_prevention_endpoint11.9.011.9.100+1

🔴Vulnerability Details

2
GHSA
GHSA-3mjp-86xg-ff9v: Improper Restriction of XML External Entity Reference vulnerability in DLP Endpoint for Windows prior to 112022-08-31
CVEList
XXE vulnerability in DLP Endpoint for Windows2022-08-30
CVE-2022-2330 (MEDIUM CVSS 6.5) | Improper Restriction of XML Externa | cvebase.io