CVE-2019-3622 HIGH

CVE-2019-3622: DLP Endpoint log file redirection to arbitrary locations

Vendor Mcafee, Llc
Product Data Loss Prevention (DLPe) for Windows
Weakness CWE-552 · Files accessible externally
Published July 24, 2019
Last update August 4, 2024

CVSS base score

7.5/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

Files or Directories Accessible to External Parties in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows authenticated user to redirect DLPe log files to arbitrary locations via incorrect access control applied to the DLPe log folder allowing privileged users to create symbolic links.

Key dates

02Disclosure timeline

July 24, 2019 CVE published
August 4, 2024 Record updated