Vulnerabilidades em Trellix
52 resultadosCVE-2024-5956MEDIUMThis vulnerability allows unauthenticated remote attackers to bypass authentication and gain partial data access to the vulnerable Trellix IEPSS 0.4%CVE-2023-0978MEDIUM
A command injection vulnerability in Trellix Intelligent Sandbox CLI for version 5.2 and earlier, allows a local user to inject and executeEPSS 0.4%CVE-2025-0617MEDIUMAn attacker with access to an HX 10.0.0 and previous versions, may send specially-crafted data to the HX console. The malicious detection EPSS 0.4%CVE-2024-5957MEDIUMThis vulnerability allows unauthenticated remote attackers to bypass authentication and gain APIs access of the Manager.EPSS 0.4%CVE-2024-9679MEDIUMA Hardcoded Cryptographic key vulnerability existed in DLP Extension 11.11.1.3 which allowed the decryption of previously encrypted user creEPSS 0.4%CVE-2024-5955MEDIUMCross-site scripting vulnerability in Trellix ePolicy Orchestrator prior to ePO 5.10 Service Pack 1 Update 3 allows a remote authenticated aEPSS 0.4%CVE-2023-5444HIGHCSRF in ePO leading to privilege escalationEPSS 0.4%CVE-2023-6072MEDIUM
A cross-site scripting vulnerability in Trellix Central Management (CM) prior to 9.1.3.97129 allows a remote authenticated attacker to crafEPSS 0.3%CVE-2022-2313HIGHDLL high jacking in Trellix AgentEPSS 0.3%CVE-2024-4176MEDIUMAn Cross site scripting vulnerability in the EDR XConsole before this release allowed an attacker to potentially leverage an XSS/HTML-InjectEPSS 0.3%CVE-2024-5731MEDIUMA vulnerability in the IPS Manager, Central Manager, and Local Manager communication workflow allows an attacker to control the destination EPSS 0.3%CVE-2024-7608MEDIUMAn authenticated user can access the restricted files from NX, EX, FX, AX, IVX and CMS using path traversal.EPSS 0.3%CVE-2024-4843MEDIUMePO doesn't allow a regular privileged user to delete tasks or assignments. Insecure direct object references that allow a least privileged EPSS 0.3%CVE-2023-6070MEDIUM
A server-side request forgery vulnerability in ESM prior to version 11.6.8 allows a low privileged authenticated user to upload arbitrary cEPSS 0.2%CVE-2024-4844HIGHHardcoded credentials vulnerability in Trellix ePolicy Orchestrator (ePO) on Premise prior to 5.10 Service Pack 1 Update 2 allows an attackeEPSS 0.2%CVE-2022-4326MEDIUMTrellix xAgent permission bypass vulnerabilityEPSS 0.2%CVE-2023-3438MEDIUM
An unquoted Windows search path vulnerability existed in the install the MOVE 4.10.x and earlier Windows install service (mvagtsce.exe).
TEPSS 0.2%CVE-2023-3665MEDIUM
A code injection vulnerability in Trellix ENS 10.7.0 April 2023 release and earlier, allowed a local user to disable the ENS AMSI componentEPSS 0.2%CVE-2023-6119MEDIUM
An Improper Privilege Management vulnerability in Trellix GetSusp prior to version 5.0.0.27 allows a local, low privilege attacker to gain EPSS 0.2%CVE-2022-3859MEDIUMAn uncontrolled search path vulnerability exists in Trellix Agent (TA) for Windows in versions prior to 5.7.8. This allows an attacker withEPSS 0.2%