Lucene search

TrellixCVELIST:CVE-2020-7332

HistoryNov 11, 2020 - 12:00 a.m.

CVE-2020-7332 Cross-Site Request Forgery (CSRF) in firewall ePO extension of McAfee Endpoint Security (ENS)

2020-11-1100:00:00

CWE-352

trellix

www.cve.org

7 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L

8.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.3%

JSON

Cross Site Request Forgery vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows an attacker to execute arbitrary HTML code due to incorrect security configuration.

CNA Affected

[
  {
    "product": "Endpoint Security for Windows",
    "vendor": "Mcafee, LLC",
    "versions": [
      {
        "lessThanOrEqual": "10.7.0 September 2020 Update",
        "status": "affected",
        "version": "10.7.x",
        "versionType": "custom"
      }
    ]
  }
]

References

kc.mcafee.com/corporate/index?page=content&id=SB10335

7 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L

8.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.3%

JSON

Related for CVELIST:CVE-2020-7332