VYPR
Vendor: FireEye

Products: 6
CVEs: 11
Across products: 11
Status: Private

Recent CVEs (11)

  • CVE-2023-6072 (Feb 13, 2024)
    risk 0.00 | cvss | epss 0.00

    A cross-site scripting vulnerability in Trellix Central Management (CM) prior to 9.1.3.97129 allows a remote authenticated attacker to craft CM dashboard internal requests causing arbitrary content to be injected into the response when accessing the CM dashboard.

  • CVE-2024-0320 (Jan 15, 2024)
    risk 0.00 | cvss | epss 0.00

    Cross-Site Scripting in FireEye Malware Analysis (AX) affecting version 9.0.3.936530. This vulnerability allows an attacker to send a specially crafted JavaScript payload in the application URL to retrieve the session details of a legitimate user.

  • CVE-2024-0319 (Jan 15, 2024)
    risk 0.00 | cvss | epss 0.00

    Open Redirect vulnerability in FireEye HXTool affecting version 4.6, the exploitation of which could allow an attacker to redirect a legitimate user to a malicious page by changing the 'redirect_uri' parameter.

  • CVE-2024-0318 (Jan 15, 2024)
    risk 0.00 | cvss | epss 0.00

    Cross-Site Scripting in FireEye HXTool affecting version 4.6. This vulnerability allows an attacker to store a specially crafted JavaScript payload in the 'Profile Name' and 'Hostname/IP' parameters that will be triggered when items are loaded.

  • CVE-2024-0317 (Jan 15, 2024)
    risk 0.00 | cvss | epss 0.00

    Cross-Site Scripting in FireEye EX, affecting version 9.0.3.936727. Exploitation of this vulnerability allows an attacker to send a specially crafted JavaScript payload via the 'type' and 's_f_name' parameters to an authenticated user to retrieve their session details.

  • CVE-2024-0316 (Jan 15, 2024)
    risk 0.00 | cvss | epss 0.00

    Improper cleanup vulnerability in exceptions thrown in FireEye Endpoint Security, affecting version 5.2.0.958244. This vulnerability could allow an attacker to send multiple request packets to the containment_notify/preview parameter, which could lead to a service outage.

  • CVE-2024-0315 (Jan 15, 2024)
    risk 0.00 | cvss | epss 0.00

    Remote file inclusion vulnerability in FireEye Central Management affecting version 9.1.1.956704. This vulnerability allows an attacker to upload a malicious PDF file to the system during the report creation process.

  • CVE-2024-0314 (Jan 15, 2024)
    risk 0.00 | cvss | epss 0.00

    XSS vulnerability in FireEye Central Management affecting version 9.1.1.956704, which could allow an attacker to modify special HTML elements in the application and cause a reflected XSS, leading to a session hijacking.

  • CVE-2023-40685 (Oct 29, 2023)
    risk 0.00 | cvss | epss 0.00

    Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. A malicious actor with command line access to the operating system can exploit this vulnerability to elevate privileges to gain root access to the operating…

  • CVE-2021-28969 (Apr 1, 2021)
    risk 0.00 | cvss | epss 0.01

    eMPS 9.0.1.923211 on FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the sort_by parameter to the email search feature. According to the vendor, the issue is fixed in 9.0.3. NOTE: this is different from CVE-2020-25034 and affects…

  • CVE-2020-25034 (Oct 26, 2020)
    risk 0.00 | cvss | epss 0.01

    eMPS prior to eMPS 9.0 on FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the sort, sort_by, search[URL], or search[attachment] parameter to the email search feature.