CVE-2021-31832
CVE-2021-31832 is a medium-severity vulnerability rated 4.8/10 on the CVSS scale. Improper Neutralization of Input in the ePO administrator extension for McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a remote ePO DLP administrator to inject JavaScript code into the alert configuration text field. This JavaScript will be executed when an end user triggers a DLP policy on their machine. EPSS estimates a 0.50% chance of exploitation in the next 30 days.
Description
Improper Neutralization of Input in the ePO administrator extension for McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a remote ePO DLP administrator to inject JavaScript code into the alert configuration text field. This JavaScript will be executed when an end user triggers a DLP policy on their machine.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| McAfee | Data Loss Prevention | < 11.6.200 |
References
- https://kc.mcafee.com/corporate/index?page=content&id=SB10360 (Broken Link, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
