ID |
CVE-2023-0400
|
Sažetak |
The protection bypass vulnerability in DLP for Windows 11.9.x is addressed in version 11.10.0. This allowed a local user to bypass DLP controls when uploading sensitive data from a mapped drive into a web email client. Loading from a local driver was correctly prevented. Versions prior to 11.9 correctly detected and blocked the attempted upload of sensitive data.
|
Reference |
|
CVSS |
Base: | 8.2 |
Impact: | 6.0 |
Exploitability: | 1.5 |
|
Pristup |
Vektor | Složenost | Autentikacija |
LOCAL |
LOW |
- |
|
Impact |
Povjerljivost | Cjelovitost | Dostupnost |
HIGH |
HIGH |
HIGH |
|
CVSS vektor |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H |
Zadnje važnije ažuriranje |
07-11-2023 - 04:00 |
Objavljeno |
02-02-2023 - 09:15 |