Arbitrary Location Redirection Vulnerability in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0

Arbitrary Location Redirection Vulnerability in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0

CVE-2019-3622 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Files or Directories Accessible to External Parties in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows authenticated user to redirect DLPe log files to arbitrary locations via incorrect access control applied to the DLPe log folder allowing privileged users to create symbolic links.

Learn more about our External Network Penetration Testing.