Mcafee Data Loss Prevention Epo Extension vulnerabilities
2 known vulnerabilities affecting mcafee/data_loss_prevention_epo_extension.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2021-31849HIGHCVSS 7.2≥ unspecified, < 11.7.100≥ unspecified, < 11.6.4002021-11-01
CVE-2021-31849 [HIGH] CWE-89 CVE-2021-31849: SQL injection vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 all
SQL injection vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker logged into ePO as an administrator to inject arbitrary SQL into the ePO database through the user management section of the DLP ePO extension.
cvelistv5nvd
CVE-2021-31848MEDIUMCVSS 6.1≥ unspecified, < 11.7.100≥ unspecified, < 11.6.4002021-11-01
CVE-2021-31848 [MEDIUM] CWE-79 CVE-2021-31848: Cross site scripting (XSS) vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to
Cross site scripting (XSS) vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker to highjack an active DLP ePO administrator session by convincing the logged in administrator to click on a carefully crafted link in the case management part of the DLP ePO extension.
cvelistv5nvd