Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2023-0400

Опубликовано: 02 фев. 2023
Источник: nvd
CVSS3: 5.9
CVSS3: 8.2
EPSS Низкий

Описание

The protection bypass vulnerability in DLP for Windows 11.9.x is addressed in version 11.10.0. This allowed a local user to bypass DLP controls when uploading sensitive data from a mapped drive into a web email client. Loading from a local driver was correctly prevented. Versions prior to 11.9 correctly detected and blocked the attempted upload of sensitive data.

Комментарий

m

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:trellix:data_loss_prevention:*:*:*:*:*:*:*:*
Версия от 11.9.0 (включая) до 11.10.0 (исключая)
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 30%
0.00108
Низкий

5.9 Medium

CVSS3

8.2 High

CVSS3

Дефекты

CWE-670
CWE-427

Связанные уязвимости

github логотип

GHSA-pp9v-vrjh-4q7m

CVSS3: 8.2
github
около 3 лет назад

The protection bypass vulnerability in DLP for Windows 11.9.x is addressed in version 11.10.0. This allowed a local user to bypass DLP controls when uploading sensitive data from a mapped drive into a web email client. Loading from a local driver was correctly prevented. Versions prior to 11.9 correctly detected and blocked the attempted upload of sensitive data.

EPSS

Процентиль: 30%
0.00108
Низкий

5.9 Medium

CVSS3

8.2 High

CVSS3

Дефекты

CWE-670
CWE-427