{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-15T21:44:20.011","vulnerabilities":[{"cve":{"id":"CVE-2019-3595","sourceIdentifier":"trellixpsirt@trellix.com","published":"2019-07-24T15:15:12.180","lastModified":"2024-11-21T04:42:13.880","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in a Command ('Command Injection') in ePO extension in McAfee Data Loss Prevention (DLP) 11.x prior to 11.3.0 allows Authenticated Adminstrator to execute arbitrary code with their local machine privileges via a specially crafted DLP policy, which is exported and opened on the their machine. In our checks, the user must explicitly allow the code to execute."},{"lang":"es","value":"La neutralización inadecuada de elementos especiales utilizados en un comando ('Command Injection')  en la extensión ePO en McAfee Data Loss Prevention (DLP) 11.x antes de la versión 11.3.0 permite al administrador autenticado ejecutar código arbitrario con sus privilegios de máquina local a través de una Política de DLP especialmente diseñada, que es exportada y abierta en su máquina. En nuestras verificaciones, el usuario debe permitir explícitamente que se ejecute el código."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.6,"impactScore":5.9}],"cvssMetricV30":[{"source":"trellixpsirt@trellix.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N","baseScore":2.0,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":0.6,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:P/I:P/A:P","baseScore":4.4,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.4,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"trellixpsirt@trellix.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mcafee:data_loss_prevention_endpoint:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0","versionEndExcluding":"11.1.200","matchCriteriaId":"5D6A5E1F-483B-419E-A879-0490507A2C3D"},{"vulnerable":true,"criteria":"cpe:2.3:a:mcafee:data_loss_prevention_endpoint:*:*:*:*:*:*:*:*","versionStartIncluding":"11.2.000","versionEndExcluding":"11.3.0","matchCriteriaId":"B1871DB6-7FA4-493E-A2E7-11D58C99FADD"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/109377","source":"trellixpsirt@trellix.com"},{"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10289","source":"trellixpsirt@trellix.com"},{"url":"http://www.securityfocus.com/bid/109377","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10289","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}