CVE-2020-7302

Name of the Vulnerable Software and Affected Versions: McAfee Data Loss Prevention ePO extension versions prior to 11.5.3

Description: The issue is related to an unrestricted upload of files with dangerous types in the ePolicy Orchestrator extension of McAfee Data Loss Prevention. This could allow a remote attacker to upload malicious files. The exploitation is possible due to a lack of sanity checking, enabling authenticated attackers to upload harmful files to the DLP case management section.

Recommendations: For versions prior to 11.5.3, update to version 11.5.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the file upload functionality in the DLP case management section to minimize the risk of exploitation.