Trellix ePolicy Orchestrator
4 CVEs affecting Trellix ePolicy Orchestrator. Latest disclosed: 2024-05-16. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-5444 | High | 8.0 | 2023-11-17 | A Cross Site Request Forgery vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2 allows a remote low privilege user to successfully add a new u… |
| CVE-2024-4844 | High | 7.5 | 2024-05-16 | Hardcoded credentials vulnerability in Trellix ePolicy Orchestrator (ePO) on Premise prior to 5.10 Service Pack 1 Update 2 allows an attacker with admin privil… |
| CVE-2023-5445 | Medium | 5.4 | 2023-11-17 | An open redirect vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2, allows a remote low privileged user to modify the URL parameter for the p… |
| CVE-2024-4843 | Medium | 4.3 | 2024-05-16 | ePO doesn't allow a regular privileged user to delete tasks or assignments. Insecure direct object references that allow a least privileged user to manipulate… |