CVE-2020-7300

Name of the Vulnerable Software and Affected Versions McAfee Data Loss Prevention (DLP) ePO extension versions prior to 11.5.3

Description The issue allows authenticated remote attackers to change the configuration when logged in with view-only privileges via carefully constructed HTTP post messages. This is due to an improper authorization vulnerability.

Recommendations For versions prior to 11.5.3, update to version 11.5.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the configuration settings to prevent unauthorized changes until the update is applied.