CVE-2022-2330

EUVD-2022-34599
Improper Restriction of XML External Entity Reference vulnerability in DLP Endpoint for Windows prior to 11.9.100 allows a remote attacker to cause the DLP Agent to access a local service that the attacker wouldn't usually have access to via a carefully constructed XML file, which the DLP Agent doesn't parse correctly.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
trellixCNA
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
Affected Products (NVD)
VendorProductVersion
mcafeedata_loss_prevention_endpoint
𝑥
< 11.6.600.212
mcafeedata_loss_prevention_endpoint
11.9.0 ≤
𝑥
< 11.9.100
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://kcm.trellix.com/corporate/index?page=content&id=SB10386
https://kcm.trellix.com/corporate/index?page=content&id=SB10386