CVE-2023-0400 MEDIUM

CVE-2023-0400

Vendor Trellix
Product Data Loss Prevention (DLP)
Weakness CWE-670
Published February 1, 2023
Last update March 26, 2025

CVSS base score

5.9/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N

What the vulnerability does

01Description

The protection bypass vulnerability in DLP for Windows 11.9.x is addressed in version 11.10.0. This allowed a local user to bypass DLP controls when uploading sensitive data from a mapped drive into a web email client. Loading from a local driver was correctly prevented. Versions prior to 11.9 correctly detected and blocked the attempted upload of sensitive data.

Key dates

02Disclosure timeline

February 1, 2023 CVE published
March 26, 2025 Record updated