CVE-2019-3591— DLP Endpoint ePO extension vulnerable to XSS
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2019-3591
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
DLP Endpoint ePO extension vulnerable to XSS
Source: NVD (National Vulnerability Database)
Vulnerability Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in ePO extension in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows unauthenticated remote user to trigger specially crafted JavaScript to render in the ePO UI via a carefully crafted upload to a remote website which is correctly blocked by DLPe Web Protection. This would then render as an XSS when the DLP Admin viewed the event in the ePO UI.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
McAfee Data Loss Prevention Endpoint 跨站脚本漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
McAfee Data Loss Prevention Endpoint(DLPe)是美国迈克菲(McAfee)公司的一套集成式终端数据保护解决方案。该方案能够防止机密数据被盗和意外泄露,并提供针对文件处理和传输的安全策略、共享终端数据流控制和数据加密等功能。 基于Windows平台McAfee DLPe 11.3.0之前的11.x版本中的ePO扩展存在跨站脚本漏洞。该漏洞源于WEB应用缺少对客户端数据的正确验证。攻击者可利用该漏洞执行客户端代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| McAfee, LLC | Data Loss Prevention ePO extension | 11.x ~ 11.3.0 | - |
II. Public POCs for CVE-2019-3591
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2019-3591
Please Login to view more intelligence information
- https://kc.mcafee.com/corporate/index?page=content&id=SB10289x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2019-3591
Same Patch Batch · McAfee, LLC · 2019-07-24 · 3 CVEs total
| CVE-2019-3622 | DLP Endpoint log file redirection to arbitrary locations | |
| CVE-2019-3595 | DLP Endpoint ePO extension not sanitizing CSV exports |
IV. Related Vulnerabilities
Same vendor: McAfee, LLC
- CVE-2021-23879
Unquoted service path vulnerability in McAfee Endpoint Produ - CVE-2020-7343
Improper Authorization vulnerability in MA - CVE-2020-7337
Incorrect Permission Assignment for Critical Resource - CVE-2020-7333
Cross-site Scripting (XSS) in firewall ePO extension of McAf - CVE-2020-7332
Cross-Site Request Forgery (CSRF) in firewall ePO extension
V. Comments for CVE-2019-3591
No comments yet