CVE-2022-2330

Improper Restriction of XML External Entity Reference vulnerability in DLP Endpoint for Windows prior to 11.9.100 allows a remote attacker to cause the DLP Agent to access a local service that the attacker wouldn't usually have access to via a carefully constructed XML file, which the DLP Agent doesn't parse correctly.

Published: Aug 30, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-2330
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-611

OWASP TOP 10:

A4 - XML External Entities (XXE)

Affected Software
References

Software	From	Fixed in
mcafee / data_loss_prevention_endpoint	-	11.6.600.212
mcafee / data_loss_prevention_endpoint	11.9.0	11.9.100

https://kcm.trellix.com/corporate/index?page=content&id=SB10386

Vulnerability Database

289,697

CVE-2022-2330