CVE-2021-31832
Cross site scripting vulnerability in DLP Endpoint for Windows
Improper Neutralization of Input in the ePO administrator extension for McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a remote ePO DLP administrator to inject JavaScript code into the alert configuration text field. This JavaScript will be executed when an end user triggers a DLP policy on their machine.
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N
Produtos afetados
McAfee,LLC · McAfee Data Loss Prevention (DLP) Endpoint for WindowsQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →