Platform
windows
Component
mcafee-data-loss-prevention-epo-extension
Opgelost in
11.3.0
CVE-2019-3591 describes a cross-site scripting (XSS) vulnerability within the McAfee Data Loss Prevention (DLPe) ePO extension. This flaw allows an unauthenticated remote user to inject malicious JavaScript code into the ePO user interface. The vulnerability affects versions 11.0.0 through 11.3.0 of the extension and is mitigated by upgrading to version 11.3.0 or later.
An attacker exploiting CVE-2019-3591 can execute arbitrary JavaScript code within the context of the ePO user interface. This could lead to the theft of sensitive information, such as user credentials or configuration data. The attacker could also potentially manipulate the ePO interface to display misleading information or perform unauthorized actions. The attack vector involves crafting a malicious upload that is initially blocked by DLPe Web Protection, but then triggers XSS when a DLP administrator views the event within the ePO UI. This highlights a critical flaw in the handling of seemingly blocked content.
CVE-2019-3591 was published on July 24, 2019. The CVSS score is LOW (3.9). There are no publicly known active campaigns targeting this vulnerability. No evidence of exploitation in the wild has been reported. The vulnerability is not listed on KEV or EPSS, indicating a low probability of exploitation.
Exploit Status
EPSS
0.16% (37% percentiel)
CVSS-vector
The primary mitigation for CVE-2019-3591 is to upgrade the McAfee Data Loss Prevention (DLPe) ePO extension to version 11.3.0 or later. If an immediate upgrade is not feasible, consider implementing stricter input validation and output encoding within the ePO extension to prevent the injection of malicious scripts. While a direct WAF rule is unlikely to be effective due to the nature of the XSS, reviewing and tightening DLPe Web Protection rules to more aggressively filter potentially malicious uploads is recommended. After upgrading, confirm the vulnerability is resolved by attempting a crafted upload and verifying that the JavaScript is not executed.
Actualice la extensión McAfee Data Loss Prevention ePO a la versión 11.3.0 o posterior. Esta actualización corrige la vulnerabilidad XSS que permite la ejecución de JavaScript no autorizado en la interfaz de usuario de ePO.
Kwetsbaarheidsanalyses en kritieke waarschuwingen direct in uw inbox.
CVE-2019-3591 is a cross-site scripting (XSS) vulnerability affecting McAfee Data Loss Prevention (DLPe) ePO extension versions 11.0.0–11.3.0. An attacker can inject JavaScript code via a crafted upload, potentially compromising DLP admin accounts.
You are affected if you are using McAfee Data Loss Prevention (DLPe) ePO extension versions 11.0.0 through 11.3.0. Check your ePO version and upgrade if necessary.
Upgrade the McAfee Data Loss Prevention (DLPe) ePO extension to version 11.3.0 or later to resolve this XSS vulnerability. Consider stricter input validation as an interim measure.
There is no evidence of active exploitation of CVE-2019-3591 in the wild, and it is not listed on KEV or EPSS, suggesting a low exploitation probability.
Refer to the McAfee Security Bulletin for details: https://kc.mcafee.com/corporate/details/kb/137321
Upload je dependency-bestand en kom direct te weten of deze en andere CVEs jou raken.