Headline
CVE-2021-31849: Security Bulletin - Data Loss Prevention ePO extension update fixes two vulnerabilities (CVE-2021-31848 and CVE-2021-31849)
SQL injection vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker logged into ePO as an administrator to inject arbitrary SQL into the ePO database through the user management section of the DLP ePO extension.
Related news
CVE-2021-31848: Security Bulletin - Data Loss Prevention ePO extension update fixes two vulnerabilities (CVE-2021-31848 and CVE-2021-31849)
Cross-site scripting (XSS) vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker to hijack an active DLP ePO administrator session by convincing the logged-in administrator to click on a carefully crafted link in the case management part of the DLP ePO extension.