CVE-2019-3622

Name of the Vulnerable Software and Affected Versions McAfee Data Loss Prevention (DLPe) for Windows versions prior to 11.3.0

Description The issue is related to insufficient access control in McAfee Data Loss Prevention Endpoint, allowing an authenticated user to redirect log files to arbitrary locations by creating symbolic links due to incorrect access control applied to the log folder. This can be exploited by a privileged user.

Recommendations For versions prior to 11.3.0, update to version 11.3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the DLPe log folder to prevent privileged users from creating symbolic links until a patch is available.