Skip to main content

Data Loss Prevention Endpoint CVE-2015-2759

MEDIUM
Cross-Site Request Forgery (CSRF) (CWE-352)
2015-03-27 cve@mitre.org
6.8
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:P/I:P/A:P
Attack Vector
Network
Attack Complexity
M
Confidentiality
P
Integrity
P
Availability
P

Lifecycle Timeline

1
CVE Published
Mar 27, 2015 - 14:59 cve.org
MEDIUM 6.8

DescriptionCVE.org

Multiple cross-site request forgery (CSRF) vulnerabilities in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allow remote attackers to hijack the authentication of users for requests that (1) obtain sensitive information or (2) modify the database via unspecified vectors.

AnalysisAI

Multiple cross-site request forgery (CSRF) vulnerabilities in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allow remote attackers to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352), which allows attackers to trick authenticated users into performing unintended actions. Multiple cross-site request forgery (CSRF) vulnerabilities in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allow remote attackers to hijack the authentication of users for requests that (1) obtain sensitive information or (2) modify the database via unspecified vectors. Affected products include: Mcafee Data Loss Prevention Endpoint. Version information: before 9.3.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement anti-CSRF tokens, validate Origin/Referer headers, use SameSite cookie attribute.

CVE-2015-1305 MEDIUM POC
6.9 Feb 06

McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows local users to write to arbitrary memory locations, an

CVE-2016-3984 MEDIUM POC
5.1 Apr 08

The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.

CVE-2018-6664 HIGH
8.8 May 25

Application Protections Bypass vulnerability in Microsoft Windows in McAfee Data Loss Prevention (DLP) Endpoint before 1

CVE-2019-3622 HIGH
8.2 Jul 24

Files or Directories Accessible to External Parties in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3

CVE-2016-8012 HIGH
7.8 Mar 14

Access control vulnerability in Intel Security Data Loss Prevention Endpoint (DLPe) 9.4.200 and 9.3.600 allows authentic

CVE-2021-23887 HIGH
7.8 Apr 15

Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.100 allows a

CVE-2018-6689 HIGH
7.8 Oct 03

Authentication Bypass vulnerability in McAfee Data Loss Prevention Endpoint (DLPe) 10.0.x earlier than 10.0.510, and 11.

CVE-2018-6683 HIGH
7.4 Jul 23

Exploiting Incorrectly Configured Access Control Security Levels vulnerability in McAfee Data Loss Prevention (DLP) for

CVE-2021-31844 HIGH
7.3 Sep 17

A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a loc

CVE-2021-31849 HIGH
7.2 Nov 01

SQL injection vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacke

CVE-2015-2758 MEDIUM
6.5 Mar 27

The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote

CVE-2015-1616 MEDIUM
6.5 Feb 17

SQL injection vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows re

Share

CVE-2015-2759 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy