Privilege escalation vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows a low privileged remote attacker to create new rule sets via incorrect validation of user credentials.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Data_loss_prevention | Mcafee | 11.3.0 (including) | 11.3.28 (excluding) |
Data_loss_prevention | Mcafee | 11.4.0 (including) | 11.4.200 (excluding) |
Data_loss_prevention | Mcafee | 11.5.0 (including) | 11.5.3 (excluding) |