Skip to main content

Data Loss Prevention CVE-2019-3640

MEDIUM
Cleartext Transmission of Sensitive Information (CWE-319)
2019-11-14 trellixpsirt@trellix.com
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Nov 14, 2019 - 00:15 nvd
MEDIUM 6.5

DescriptionNVD

Unprotected Transport of Credentials in ePO extension in McAfee Data Loss Prevention 11.x prior to 11.4.0 allows remote attackers with access to the network to collect login details to the LDAP server via the ePO extension not using a secure connection when testing LDAP connectivity.

AnalysisAI

Unprotected Transport of Credentials in ePO extension in McAfee Data Loss Prevention 11.x prior to 11.4.0 allows remote attackers with access to the network to collect login details to the LDAP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-319. Unprotected Transport of Credentials in ePO extension in McAfee Data Loss Prevention 11.x prior to 11.4.0 allows remote attackers with access to the network to collect login details to the LDAP server via the ePO extension not using a secure connection when testing LDAP connectivity. Affected products include: Mcafee Data Loss Prevention. Version information: prior to 11.4.0.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2022-1700 CRITICAL
9.8 Sep 12

Improper Restriction of XML External Entity Reference ('XXE') vulnerability in the Policy Engine of Forcepoint Data Loss

CVE-2023-0400 HIGH
8.2 Feb 02

The protection bypass vulnerability in DLP for Windows 11.9.x is addressed in version 11.10.0. Rated high severity (CVSS

CVE-2020-7304 HIGH
7.6 Aug 13

Cross site request forgery vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authe

CVE-2023-4814 HIGH
7.1 Sep 14

A Privilege escalation vulnerability exists in Trellix Windows DLP endpoint for windows which can be abused to delete an

CVE-2015-1485 MEDIUM
6.8 Jun 28

Cross-site request forgery (CSRF) vulnerability in the administration console in the Enforce Server in Symantec Data Los

CVE-2020-7305 MEDIUM
6.5 Aug 13

Privilege escalation vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows a low privi

CVE-2020-7302 MEDIUM
6.4 Aug 13

Unrestricted Upload of File with Dangerous Type in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allow

CVE-2020-7300 MEDIUM
6.3 Aug 12

Improper Authorization vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authentic

CVE-2020-7307 MEDIUM
5.2 Aug 13

Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention (DLP) for Mac prior to 11.5.2 allows loc

CVE-2020-7306 MEDIUM
5.2 Aug 13

Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention (DLP) for Mac prior to 11.5.2 allows loc

CVE-2021-31832 MEDIUM
4.8 Jun 09

Improper Neutralization of Input in the ePO administrator extension for McAfee Data Loss Prevention (DLP) Endpoint for W

CVE-2019-9701 MEDIUM POC
4.8 Jun 19

DLP 15.5 MP1 and all prior versions may be susceptible to a cross-site scripting (XSS) vulnerability, a type of issue th

Share

CVE-2019-3640 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy