Mcafee Data Loss Prevention Endpoint vulnerabilities

CVE-2022-2330 [MEDIUM] CWE-611 CVE-2022-2330: Improper Restriction of XML External Entity Reference vulnerability in DLP Endpoint for Windows prio Improper Restriction of XML External Entity Reference vulnerability in DLP Endpoint for Windows prior to 11.9.100 allows a remote attacker to cause the DLP Agent to access a local service that the attacker wouldn't usually have access to via a carefully constructed XML file, which the DLP Agent doesn't parse correctly.

CVE-2021-31849 [HIGH] CWE-89 CVE-2021-31849: SQL injection vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 all SQL injection vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker logged into ePO as an administrator to inject arbitrary SQL into the ePO database through the user management section of the DLP ePO extension.

CVE-2021-31848 [HIGH] CWE-79 CVE-2021-31848: Cross site scripting (XSS) vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to Cross site scripting (XSS) vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker to highjack an active DLP ePO administrator session by convincing the logged in administrator to click on a carefully crafted link in the case management part of the DLP ePO extension.

CVE-2021-31844 [HIGH] CWE-120 CVE-2021-31844: A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 1 A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a local attacker to execute arbitrary code with elevated privileges through placing carefully constructed Ami Pro (.sam) files onto the local system and triggering a DLP Endpoint scan through accessing a file. This is caused by the destin

CVE-2021-23887 [HIGH] CWE-269 CVE-2021-23887: Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior t Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.100 allows a local, low privileged, attacker to write to arbitrary controlled kernel addresses. This is achieved by launching applications, suspending them, modifying the memory and restarting them when they are monitored by McAfee DLP through th

CVE-2021-23886 [MEDIUM] CWE-755 CVE-2021-23886: Denial of Service vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 1 Denial of Service vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.100 allows a local, low privileged, attacker to cause a BSoD through suspending a process, modifying the processes memory and restarting it. This is triggered by the hdlphook driver reading invalid memory.

CVE-2019-3634 [MEDIUM] CWE-119 CVE-2019-3634: Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.2.8 allows loca Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.2.8 allows local user to cause the Windows operating system to "blue screen" via an encrypted message sent to DLPe which when decrypted results in DLPe reading unallocated memory.

CVE-2019-3633 [MEDIUM] CWE-119 CVE-2019-3633: Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.2.8 allows loca Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.2.8 allows local user to cause the Windows operating system to "blue screen" via a carefully constructed message sent to DLPe which bypasses DLPe internal checks and results in DLPe reading unallocated memory.

CVE-2019-3621 [MEDIUM] CVE-2019-3621: Authentication protection bypass vulnerability in McAfee Data Loss Prevention (DLPe) for Windows 11. Authentication protection bypass vulnerability in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows physical local user to bypass the Windows lock screen via DLPe processes being killed just prior to the screen being locked or when the screen is locked. The attacker requires physical access to the machine.

CVE-2019-3622 [HIGH] CWE-552 CVE-2019-3622: Files or Directories Accessible to External Parties in McAfee Data Loss Prevention (DLPe) for Window Files or Directories Accessible to External Parties in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows authenticated user to redirect DLPe log files to arbitrary locations via incorrect access control applied to the DLPe log folder allowing privileged users to create symbolic links.

CVE-2019-3595 [MEDIUM] CWE-78 CVE-2019-3595: Improper Neutralization of Special Elements used in a Command ('Command Injection') in ePO extension Improper Neutralization of Special Elements used in a Command ('Command Injection') in ePO extension in McAfee Data Loss Prevention (DLP) 11.x prior to 11.3.0 allows Authenticated Adminstrator to execute arbitrary code with their local machine privileges via a specially crafted DLP policy, which is exported and opened on the their machine. In our check

CVE-2019-3591 [LOW] CWE-79 CVE-2019-3591: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in ePO extensio Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in ePO extension in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows unauthenticated remote user to trigger specially crafted JavaScript to render in the ePO UI via a carefully crafted upload to a remote website which is correctly blocked by DLPe

CVE-2018-6689 [HIGH] CWE-287 CVE-2018-6689: Authentication Bypass vulnerability in McAfee Data Loss Prevention Endpoint (DLPe) 10.0.x earlier th Authentication Bypass vulnerability in McAfee Data Loss Prevention Endpoint (DLPe) 10.0.x earlier than 10.0.510, and 11.0.x earlier than 11.0.600 allows attackers to bypass local security protection via specific conditions.

CVE-2018-6683 [HIGH] CWE-276 CVE-2018-6683: Exploiting Incorrectly Configured Access Control Security Levels vulnerability in McAfee Data Loss P Exploiting Incorrectly Configured Access Control Security Levels vulnerability in McAfee Data Loss Prevention (DLP) for Windows versions prior to 10.0.505 and 11.0.405 allows local users to bypass DLP policy via editing of local policy files when offline.

CVE-2018-6664 [MEDIUM] CWE-347 CVE-2018-6664: Application Protections Bypass vulnerability in Microsoft Windows in McAfee Data Loss Prevention (DL Application Protections Bypass vulnerability in Microsoft Windows in McAfee Data Loss Prevention (DLP) Endpoint before 10.0.500 and DLP Endpoint before 11.0.400 allows authenticated users to bypass the product block action via a command-line utility.

CVE-2017-3948 [MEDIUM] CWE-79 CVE-2017-3948: Cross Site Scripting (XSS) in IMG Tags in the ePO extension in McAfee Data Loss Prevention Endpoint Cross Site Scripting (XSS) in IMG Tags in the ePO extension in McAfee Data Loss Prevention Endpoint (DLP Endpoint) 10.0.x allows authenticated users to inject arbitrary web script or HTML via injecting malicious JavaScript into a user's browsing session.

CVE-2016-8012 [HIGH] CWE-264 CVE-2016-8012: Access control vulnerability in Intel Security Data Loss Prevention Endpoint (DLPe) 9.4.200 and 9.3. Access control vulnerability in Intel Security Data Loss Prevention Endpoint (DLPe) 9.4.200 and 9.3.600 allows authenticated users with Read-Write-Execute permissions to inject hook DLLs into other processes via pages in the target process memory get.

CVE-2016-3984 [MEDIUM] CWE-284 CVE-2016-3984: The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) before 2.0.1.140.1, Data Loss Prevention Endpoint (DLPe) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Device Control (MDC) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, En

CVE-2015-2759 [MEDIUM] CWE-352 CVE-2015-2759: Multiple cross-site request forgery (CSRF) vulnerabilities in the ePO extension in McAfee Data Loss Multiple cross-site request forgery (CSRF) vulnerabilities in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allow remote attackers to hijack the authentication of users for requests that (1) obtain sensitive information or (2) modify the database via unspecified vectors.

CVE-2015-2757 [MEDIUM] CWE-399 CVE-2015-2757: The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.4 The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to cause a denial of service (database lock or license corruption) via unspecified vectors.