CVE-2019-3622

Files or Directories Accessible to External Parties in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows authenticated user to redirect DLPe log files to arbitrary locations via incorrect access control applied to the DLPe log folder allowing privileged users to create symbolic links.

Published: Jul 24, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-3622
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.2
AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CVSS v2:

Severity: Low
Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-552

Affected Software
References

Software	From	Fixed in
mcafee / data_loss_prevention_endpoint	11.0	11.1.200
mcafee / data_loss_prevention_endpoint	11.2.000	11.3.0

http://www.securityfocus.com/bid/109370
https://kc.mcafee.com/corporate/index?page=content&id=SB10290

Vulnerability Database

289,784

CVE-2019-3622