PT-2023-16242 · Unknown · Dlp For Windows

Published: 2023-02-01 · Updated: 2023-02-13 · CVE-2023-0400

CVSS v3.1: 8.2 (High)

Vector: AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

DLP for Windows versions 11.9.x

Description

The issue allows a local user to bypass DLP controls when uploading sensitive data from a mapped drive into a web email client. Uploading from a local drive was correctly prevented. Versions prior to 11.9 correctly detected and blocked the attempted upload of sensitive data.

Recommendations

For versions 11.9.x, update to version 11.10.0 to resolve the issue. For versions prior to 11.9, no update is needed, as these versions correctly detect and block the attempted upload of sensitive data. As a temporary workaround for version 11.9.x, consider restricting access to web email clients to minimize the risk of exploitation until a patch is applied.

Fix

Uncontrolled Search Path Element

Weakness Enumeration

Related Identifiers

CVE-2023-0400

Affected Products

Dlp For Windows