VYPR

ePO

by Trellix

CVEs (2)

  • CVE-2024-4843 | Med | May 16, 2024
    risk 0.28 | cvss 4.3 | epss 0.00

    ePO doesn't allow a regular privileged user to delete tasks or assignments. Insecure direct object references allow a least privileged user to manipulate the client task and client task assignments, hence escalating his/her privilege.

  • CVE-2022-3338 | Oct 18, 2022
    risk 0.00 | cvss | epss 0.00

    An External XML entity (XXE) vulnerability in ePO prior to 5.10 Update 14 can allow an unauthenticated remote attacker to potentially trigger a Server Side Request Forgery attack. This can be exploited by mimicking the Agent Handler call to ePO and passing the carefully…