CVE-2019-3622— DLP Endpoint log file redirection to arbitrary locations
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2019-3622
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
DLP Endpoint log file redirection to arbitrary locations
Source: NVD (National Vulnerability Database)
Vulnerability Description
Files or Directories Accessible to External Parties in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows authenticated user to redirect DLPe log files to arbitrary locations via incorrect access control applied to the DLPe log folder allowing privileged users to create symbolic links.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
对外部实体的文件或目录可访问
Source: NVD (National Vulnerability Database)
Vulnerability Title
McAfee Data Loss Prevention Endpoint 访问控制错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
McAfee Data Loss Prevention Endpoint(DLPe)是美国迈克菲(McAfee)公司的一套集成式终端数据保护解决方案。该方案能够防止机密数据被盗和意外泄露,并提供针对文件处理和传输的安全策略、共享终端数据流控制和数据加密等功能。 基于Windows平台的McAfee DLPe 11.3.0之前的11.x版本中存在安全漏洞,该漏洞源于程序没有对DLPe日志文件夹进行正确的访问控制。攻击者可利用该漏洞将DLPe日志文件重定向到任意位置。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| McAfee, LLC | Data Loss Prevention (DLPe) for Windows | 11.x ~ 11.3.0 | - |
II. Public POCs for CVE-2019-3622
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2019-3622
请登录查看更多情报信息。
- https://kc.mcafee.com/corporate/index?page=content&id=SB10290x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2019-3622
Same Patch Batch · McAfee, LLC · 2019-07-24 · 3 CVEs total
| CVE-2019-3591 | DLP Endpoint ePO extension vulnerable to XSS | |
| CVE-2019-3595 | DLP Endpoint ePO extension not sanitizing CSV exports |
IV. Related Vulnerabilities
Same vendor: McAfee, LLC
- CVE-2021-23879
Unquoted service path vulnerability in McAfee Endpoint Produ - CVE-2020-7343
Improper Authorization vulnerability in MA - CVE-2020-7337
Incorrect Permission Assignment for Critical Resource - CVE-2020-7333
Cross-site Scripting (XSS) in firewall ePO extension of McAf - CVE-2020-7332
Cross-Site Request Forgery (CSRF) in firewall ePO extension
Same weakness: CWE-552
- CVE-2025-7389
Unauthorized Arbitrary File Read via RMI in AdminServer Inte - CVE-2019-25709
CF Image Hosting Script 1.6.5 Unauthorized Database Access - CVE-2026-33698
Chamilo LMS affected by unauthenticated RCE in main/install - CVE-2021-47960
Synology SSL VPN Client 安全漏洞 - CVE-2026-35446
LORIS has a path traversal in FilesDownloadHandler
V. Comments for CVE-2019-3622
No comments yet