exploitDog

CVE-2020-7328

Опубликовано: 11 нояб. 2020

Источник: nvd

CVSS3: 7.2

CVSS2: 6.5

EPSS Низкий

Описание

External entity attack vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers to gain control of a resource or trigger arbitrary code execution via improper input validation of an HTTP request, where the content for the attack has been loaded into ePO by an ePO administrator.

Ссылки

https://kc.mcafee.com/corporate/index?page=content&id=SB10334
Broken Link
Vendor Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10334
Broken Link
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mcafee:mvision_endpoint:*:*:*:*:*:*:*:*

Версия до 20.11 (исключая)

EPSS

Процентиль: 81%

0.01461

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-918

CWE-918

Связанные уязвимости

GHSA-h485-jr3p-6h83

CVSS3: 7.2

github

больше 3 лет назад

External entity attack vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers to gain control of a resource or trigger arbitrary code execution via improper input validation of an HTTP request, where the content for the attack has been loaded into ePO by an ePO administrator.

EPSS

Процентиль: 81%

0.01461

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-918

CWE-918