PT-2020-19562 · Mcafee · Mcafee Endpoint Security
Published
2020-11-12
·
Updated
2023-11-16
·
CVE-2020-7333
CVSS v3.1
4.8
Medium
| Vector | AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
McAfee Endpoint Security (ENS) versions prior to 10.7.0 November 2020 Update
Description
The issue allows administrators to inject arbitrary web script or HTML via the configuration wizard, which is a result of a cross-site scripting vulnerability in the firewall ePO extension.
Recommendations
For versions prior to 10.7.0 November 2020 Update, update to the November 2020 Update or later to resolve the issue.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mcafee Endpoint Security