CVE-2019-3591 — LOW (3.9) — White Hats Nepal

Q: How severe is CVE-2019-3591?

CVE-2019-3591 has been rated LOW with a CVSS base score of 3.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-3591?

Check the references section above for vendor advisories and patch information. Affected products include: Mcafee Data Loss Prevention Endpoint, Microsoft Windows.

Vulnerability Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in ePO extension in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows unauthenticated remote user to trigger specially crafted JavaScript to render in the ePO UI via a carefully crafted upload to a remote website which is correctly blocked by DLPe Web Protection. This would then render as an XSS when the DLP Admin viewed the event in the ePO UI.

CVSS Score

3.9

LOW

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Mcafee	Data Loss Prevention Endpoint	>= 11.0, < 11.1.200
Microsoft	Windows	-

Related Weaknesses (CWE)

CWE-79

References

FAQ

What is CVE-2019-3591?

CVE-2019-3591 is a vulnerability with a CVSS score of 3.9 (LOW). Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in ePO extension in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows unauthenticated remo...

How severe is CVE-2019-3591?

CVE-2019-3591 has been rated LOW with a CVSS base score of 3.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-3591?

Check the references section above for vendor advisories and patch information. Affected products include: Mcafee Data Loss Prevention Endpoint, Microsoft Windows.