Fireeye
Products
6- 4 CVEs
- 2 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
11| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-6072 | 0.00 | — | 0.00 | Feb 13, 2024 | A cross-site scripting vulnerability in Trellix Central Management (CM) prior to 9.1.3.97129 allows a remote authenticated attacker to craft CM dashboard internal requests causing arbitrary content to be injected into the response when accessing the CM dashboard. | |||
| CVE-2024-0320 | 0.00 | — | 0.00 | Jan 15, 2024 | Cross-Site Scripting in FireEye Malware Analysis (AX) affecting version 9.0.3.936530. This vulnerability allows an attacker to send a specially crafted JavaScript payload in the application URL to retrieve the session details of a legitimate user. | |||
| CVE-2024-0319 | 0.00 | — | 0.00 | Jan 15, 2024 | Open Redirect vulnerability in FireEye HXTool affecting version 4.6, the exploitation of which could allow an attacker to redirect a legitimate user to a malicious page by changing the 'redirect_uri' parameter. | |||
| CVE-2024-0318 | 0.00 | — | 0.00 | Jan 15, 2024 | Cross-Site Scripting in FireEye HXTool affecting version 4.6. This vulnerability allows an attacker to store a specially crafted JavaScript payload in the 'Profile Name' and 'Hostname/IP' parameters that will be triggered when items are loaded. | |||
| CVE-2024-0317 | 0.00 | — | 0.00 | Jan 15, 2024 | Cross-Site Scripting in FireEye EX, affecting version 9.0.3.936727. Exploitation of this vulnerability allows an attacker to send a specially crafted JavaScript payload via the 'type' and 's_f_name' parameters to an authenticated user to retrieve their session details. | |||
| CVE-2024-0316 | 0.00 | — | 0.00 | Jan 15, 2024 | Improper cleanup vulnerability in exceptions thrown in FireEye Endpoint Security, affecting version 5.2.0.958244. This vulnerability could allow an attacker to send multiple request packets to the containment_notify/preview parameter, which could lead to a service outage. | |||
| CVE-2024-0315 | 0.00 | — | 0.00 | Jan 15, 2024 | Remote file inclusion vulnerability in FireEye Central Management affecting version 9.1.1.956704. This vulnerability allows an attacker to upload a malicious PDF file to the system during the report creation process. | |||
| CVE-2024-0314 | 0.00 | — | 0.00 | Jan 15, 2024 | XSS vulnerability in FireEye Central Management affecting version 9.1.1.956704, which could allow an attacker to modify special HTML elements in the application and cause a reflected XSS, leading to a session hijacking. | |||
| CVE-2023-40685 | 0.00 | — | 0.00 | Oct 29, 2023 | Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. A malicious actor with command line access to the operating system can exploit this vulnerability to elevate privileges to gain root access to the operating… | |||
| CVE-2021-28969 | 0.00 | — | 0.01 | Apr 1, 2021 | eMPS 9.0.1.923211 on FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the sort_by parameter to the email search feature. According to the vendor, the issue is fixed in 9.0.3. NOTE: this is different from CVE-2020-25034 and affects… | |||
| CVE-2020-25034 | 0.00 | — | 0.01 | Oct 26, 2020 | eMPS prior to eMPS 9.0 FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the sort, sort_by, search{URL], or search[attachment] parameter to the email search feature. |
- CVE-2023-6072Feb 13, 2024risk 0.00cvss —epss 0.00
A cross-site scripting vulnerability in Trellix Central Management (CM) prior to 9.1.3.97129 allows a remote authenticated attacker to craft CM dashboard internal requests causing arbitrary content to be injected into the response when accessing the CM dashboard.
- CVE-2024-0320Jan 15, 2024risk 0.00cvss —epss 0.00
Cross-Site Scripting in FireEye Malware Analysis (AX) affecting version 9.0.3.936530. This vulnerability allows an attacker to send a specially crafted JavaScript payload in the application URL to retrieve the session details of a legitimate user.
- CVE-2024-0319Jan 15, 2024risk 0.00cvss —epss 0.00
Open Redirect vulnerability in FireEye HXTool affecting version 4.6, the exploitation of which could allow an attacker to redirect a legitimate user to a malicious page by changing the 'redirect_uri' parameter.
- CVE-2024-0318Jan 15, 2024risk 0.00cvss —epss 0.00
Cross-Site Scripting in FireEye HXTool affecting version 4.6. This vulnerability allows an attacker to store a specially crafted JavaScript payload in the 'Profile Name' and 'Hostname/IP' parameters that will be triggered when items are loaded.
- CVE-2024-0317Jan 15, 2024risk 0.00cvss —epss 0.00
Cross-Site Scripting in FireEye EX, affecting version 9.0.3.936727. Exploitation of this vulnerability allows an attacker to send a specially crafted JavaScript payload via the 'type' and 's_f_name' parameters to an authenticated user to retrieve their session details.
- CVE-2024-0316Jan 15, 2024risk 0.00cvss —epss 0.00
Improper cleanup vulnerability in exceptions thrown in FireEye Endpoint Security, affecting version 5.2.0.958244. This vulnerability could allow an attacker to send multiple request packets to the containment_notify/preview parameter, which could lead to a service outage.
- CVE-2024-0315Jan 15, 2024risk 0.00cvss —epss 0.00
Remote file inclusion vulnerability in FireEye Central Management affecting version 9.1.1.956704. This vulnerability allows an attacker to upload a malicious PDF file to the system during the report creation process.
- CVE-2024-0314Jan 15, 2024risk 0.00cvss —epss 0.00
XSS vulnerability in FireEye Central Management affecting version 9.1.1.956704, which could allow an attacker to modify special HTML elements in the application and cause a reflected XSS, leading to a session hijacking.
- CVE-2023-40685Oct 29, 2023risk 0.00cvss —epss 0.00
Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. A malicious actor with command line access to the operating system can exploit this vulnerability to elevate privileges to gain root access to the operating…
- CVE-2021-28969Apr 1, 2021risk 0.00cvss —epss 0.01
eMPS 9.0.1.923211 on FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the sort_by parameter to the email search feature. According to the vendor, the issue is fixed in 9.0.3. NOTE: this is different from CVE-2020-25034 and affects…
- CVE-2020-25034Oct 26, 2020risk 0.00cvss —epss 0.01
eMPS prior to eMPS 9.0 FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the sort, sort_by, search{URL], or search[attachment] parameter to the email search feature.