CVE-2019-3622

EUVD-2019-13257
Files or Directories Accessible to External Parties in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows authenticated user to redirect DLPe log files to arbitrary locations via incorrect access control applied to the DLPe log folder allowing privileged users to create symbolic links.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.2 HIGH
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
trellixCNA
7.5 HIGH
LOCAL
HIGH
LOW
CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 24%
Affected Products (NVD)
VendorProductVersion
mcafeedata_loss_prevention_endpoint
11.0 ≤
𝑥
< 11.1.200
mcafeedata_loss_prevention_endpoint
11.2.000 ≤
𝑥
< 11.3.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/109370
https://kc.mcafee.com/corporate/index?page=content&id=SB10290
http://www.securityfocus.com/bid/109370
https://kc.mcafee.com/corporate/index?page=content&id=SB10290