Vendor CVEs
Trellix
All CVEs
49 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-5671 | Cri | 0.64 | 9.8 | 0.01 | Jun 14, 2024 | Insecure Deserialization in some workflows of the IPS Manager allows unauthenticated remote attackers to perform arbitrary code execution and access to the vulnerable Trellix IPS Manager. | ||
| CVE-2023-6071 | Hig | 0.55 | 8.4 | 0.01 | Nov 30, 2023 | An Improper Neutralization of Special Elements used in a command vulnerability in ESM prior to version 11.6.9 allows a remote administrator to execute arbitrary code as root on the ESM. This is possible as the input isn't correctly sanitized when adding a new data source. | ||
| CVE-2023-5607 | Hig | 0.55 | 8.4 | 0.01 | Nov 27, 2023 | An improper limitation of a path name to a restricted directory (path traversal) vulnerability in the TACC ePO extension, for on-premises ePO servers, prior to version 8.4.0 could lead to an authorised administrator attacker executing arbitrary code through uploading a… | ||
| CVE-2024-0213 | Hig | 0.53 | 8.2 | 0.00 | Jan 9, 2024 | A buffer overflow vulnerability in TA for Linux and TA for MacOS prior to 5.8.1 allows a local user to gain elevated permissions, or cause a Denial of Service (DoS), through exploiting a memory corruption issue in the TA service, which runs as root. This may also result in the… | ||
| CVE-2023-3314 | Hig | 0.53 | 8.1 | 0.01 | Jul 3, 2023 | A vulnerability arises out of a failure to comprehensively sanitize the processing of a zip file(s). Incomplete neutralization of external commands used to control the process execution of the .zip application allows an authorized user to obtain control of the .zip application… | ||
| CVE-2023-0975 | Hig | 0.53 | 8.2 | 0.00 | Apr 3, 2023 | A vulnerability exists in Trellix Agent for Windows version 5.7.8 and earlier, that allows local users, during install/upgrade workflow, to replace one of the Agent’s executables before it can be executed. This allows the user to elevate their permissions. | ||
| CVE-2022-2313 | Hig | 0.53 | 8.2 | 0.00 | Jul 27, 2022 | A DLL hijacking vulnerability in the MA Smart Installer for Windows prior to 5.7.7, which allows local users to execute arbitrary code and obtain higher privileges via careful placement of a malicious DLL into the folder from where the Smart installer is being executed. | ||
| CVE-2023-5444 | Hig | 0.52 | 8.0 | 0.00 | Nov 17, 2023 | A Cross Site Request Forgery vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2 allows a remote low privilege user to successfully add a new user with administrator privileges to the ePO server. This impacts the dashboard area of the user interface. To exploit… | ||
| CVE-2023-3313 | Hig | 0.51 | 7.8 | 0.00 | Jul 3, 2023 | An OS common injection vulnerability exists in the ESM certificate API, whereby incorrectly neutralized special elements may have allowed an unauthorized user to execute system command injection for the purpose of privilege escalation or to execute arbitrary commands. | ||
| CVE-2024-4844 | Hig | 0.49 | 7.5 | 0.00 | May 16, 2024 | Hardcoded credentials vulnerability in Trellix ePolicy Orchestrator (ePO) on Premise prior to 5.10 Service Pack 1 Update 2 allows an attacker with admin privileges on the ePO server to read the contents of the orion.keystore file, allowing them to access the ePO database… | ||
| CVE-2025-3771 | Hig | 0.46 | 7.1 | 0.00 | Jun 26, 2025 | A path or symbolic link manipulation vulnerability in SIR 1.0.3 and prior versions allows an authenticated non-admin local user to overwrite system files with SIR backup files, which can potentially cause a system crash. This was achieved by adding a malicious entry to the… | ||
| CVE-2024-0206 | Hig | 0.46 | 7.1 | 0.00 | Jan 9, 2024 | A symbolic link manipulation vulnerability in Trellix Anti-Malware Engine prior to the January 2024 release allows an authenticated local user to potentially gain an escalation of privileges. This was achieved by adding an entry to the registry under the Trellix ENS registry… | ||
| CVE-2023-4814 | Hig | 0.46 | 7.1 | 0.00 | Sep 14, 2023 | A Privilege escalation vulnerability exists in Trellix Windows DLP endpoint for windows which can be abused to delete any file/folder for which the user does not have permission to. | ||
| CVE-2024-5731 | Med | 0.44 | 6.8 | 0.00 | Jun 14, 2024 | A vulnerability in the IPS Manager, Central Manager, and Local Manager communication workflow allows an attacker to control the destination of a request by manipulating the parameter, thereby leveraging sensitive information. | ||
| CVE-2023-0977 | Med | 0.44 | 6.7 | 0.01 | Apr 3, 2023 | A heap-based overflow vulnerability in Trellix Agent (Windows and Linux) version 5.7.8 and earlier, allows a remote user to alter the page heap in the macmnsvc process memory block resulting in the service becoming unavailable. | ||
| CVE-2022-3859 | Med | 0.44 | 6.7 | 0.00 | Nov 30, 2022 | An uncontrolled search path vulnerability exists in Trellix Agent (TA) for Windows in versions prior to 5.7.8. This allows an attacker with admin access, which is required to place the DLL in the restricted Windows System folder, to elevate their privileges to System by placing… | ||
| CVE-2023-0214 | Med | 0.43 | 6.1 | 0.02 | Jan 18, 2023 | A cross-site scripting vulnerability in Skyhigh SWG in main releases 11.x prior to 11.2.6, 10.x prior to 10.2.17, and controlled release 12.x prior to 12.0.1 allows a remote attacker to craft SWG-specific internal requests with URL paths to any third-party website, causing… | ||
| CVE-2024-5956 | Med | 0.42 | 6.5 | 0.00 | Sep 5, 2024 | This vulnerability allows unauthenticated remote attackers to bypass authentication and gain partial data access to the vulnerable Trellix IPS Manager with garbage data in response mostly | ||
| CVE-2023-6119 | Med | 0.42 | 6.5 | 0.00 | Nov 16, 2023 | An Improper Privilege Management vulnerability in Trellix GetSusp prior to version 5.0.0.27 allows a local, low privilege attacker to gain access to files that usually require a higher privilege level. This is caused by GetSusp not correctly protecting a directory that it… | ||
| CVE-2023-0978 | Med | 0.42 | 6.4 | 0.00 | Mar 13, 2023 | A command injection vulnerability in Trellix Intelligent Sandbox CLI for version 5.2 and earlier, allows a local user to inject and execute arbitrary operating system commands using specially crafted strings. This vulnerability is due to insufficient validation of arguments… | ||
| CVE-2022-2188 | Med | 0.42 | 6.5 | 0.00 | Nov 7, 2022 | Privilege escalation vulnerability in DXL Broker for Windows prior to 6.0.0.280 allows local users to gain elevated privileges by exploiting weak directory controls in the logs directory. This can lead to a denial-of-service attack on the DXL Broker. | ||
| CVE-2022-2330 | Med | 0.42 | 6.5 | 0.01 | Aug 30, 2022 | Improper Restriction of XML External Entity Reference vulnerability in DLP Endpoint for Windows prior to 11.9.100 allows a remote attacker to cause the DLP Agent to access a local service that the attacker wouldn't usually have access to via a carefully constructed XML file,… | ||
| CVE-2024-5957 | Med | 0.41 | 6.3 | 0.00 | Sep 5, 2024 | This vulnerability allows unauthenticated remote attackers to bypass authentication and gain APIs access of the Manager. | ||
| CVE-2023-1388 | Med | 0.41 | 6.3 | 0.01 | Jun 7, 2023 | A heap-based overflow vulnerability in TA prior to version 5.7.9 allows a remote user to alter the page heap in the macmnsvc process memory block, resulting in the service becoming unavailable. | ||
| CVE-2023-0976 | Med | 0.41 | 6.3 | 0.01 | Jun 7, 2023 | A command Injection Vulnerability in TA for mac-OS prior to version 5.7.9 allows local users to place an arbitrary file into the /Library/Trellix/Agent/bin/ folder. The malicious file is executed by running the TA deployment feature located in the System Tree. | ||
| CVE-2025-0617 | Med | 0.38 | 5.9 | 0.00 | Jan 29, 2025 | An attacker with access to an HX 10.0.0 and previous versions, may send specially-crafted data to the HX console. The malicious detection would then trigger file parsing containing exponential entity expansions in the consumer process thus causing a Denial of Service. | ||
| CVE-2024-7608 | Med | 0.38 | 5.9 | 0.00 | Aug 27, 2024 | An authenticated user can access the restricted files from NX, EX, FX, AX, IVX and CMS using path traversal. | ||
| CVE-2023-0400 | Med | 0.38 | 5.9 | 0.00 | Feb 2, 2023 | The protection bypass vulnerability in DLP for Windows 11.9.x is addressed in version 11.10.0. This allowed a local user to bypass DLP controls when uploading sensitive data from a mapped drive into a web email client. Loading from a local driver was correctly prevented.… | ||
| CVE-2022-3340 | Med | 0.38 | 5.9 | 0.01 | Nov 4, 2022 | XML External Entity (XXE) vulnerability in Trellix IPS Manager prior to 10.1 M8 allows a remote authenticated administrator to perform XXE attack in the administrator interface part of the interface, which allows a saved XML configuration file to be imported. | ||
| CVE-2025-3773 | Med | 0.36 | 5.5 | 0.00 | Jun 26, 2025 | A sensitive information exposure vulnerability in System Information Reporter (SIR) 1.0.3 and prior allows an authenticated non-admin local user to extract sensitive information stored in a registry backup folder. | ||
| CVE-2024-0312 | Med | 0.36 | 5.5 | 0.00 | Mar 14, 2024 | A malicious insider can uninstall Skyhigh Client Proxy without a valid uninstall password. | ||
| CVE-2023-3665 | Med | 0.36 | 5.5 | 0.00 | Oct 4, 2023 | A code injection vulnerability in Trellix ENS 10.7.0 April 2023 release and earlier, allowed a local user to disable the ENS AMSI component via environment variables, leading to denial of service and or the execution of arbitrary code. | ||
| CVE-2022-4326 | Med | 0.36 | 5.5 | 0.00 | Dec 16, 2022 | Improper preservation of permissions vulnerability in Trellix Endpoint Agent (xAgent) prior to V35.31.22 on Windows allows a local user with administrator privileges to bypass the product protection to uninstall the agent via incorrectly applied permissions in the removal… | ||
| CVE-2024-5955 | Med | 0.35 | 5.4 | 0.00 | Dec 20, 2024 | Cross-site scripting vulnerability in Trellix ePolicy Orchestrator prior to ePO 5.10 Service Pack 1 Update 3 allows a remote authenticated attacker to craft requests causing arbitrary content to be injected into the response when accessing the epolicy Orchestrator. | ||
| CVE-2023-5445 | Med | 0.35 | 5.4 | 0.00 | Nov 17, 2023 | An open redirect vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2, allows a remote low privileged user to modify the URL parameter for the purpose of redirecting URL request(s) to a malicious site. This impacts the dashboard area of the user interface. A user… | ||
| CVE-2023-3946 | Med | 0.35 | 5.4 | 0.00 | Jul 26, 2023 | A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 SP1 Update 1allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator's session by convincing the authenticated ePO administrator to click on a carefully crafted link.… | ||
| CVE-2022-3339 | Med | 0.35 | 5.4 | 0.01 | Oct 18, 2022 | A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 Update 14 allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator's session by convincing the authenticated ePO administrator to click on a carefully crafted link.… | ||
| CVE-2022-3338 | Med | 0.35 | 5.4 | 0.00 | Oct 18, 2022 | An External XML entity (XXE) vulnerability in ePO prior to 5.10 Update 14 can lead to an unauthenticated remote attacker to potentially trigger a Server Side Request Forgery attack. This can be exploited by mimicking the Agent Handler call to ePO and passing the carefully… | ||
| CVE-2025-5967 | Med | 0.34 | — | 0.00 | Jul 1, 2025 | A stored cross-site scripting vulnerability in ENS HX 10.0.4 allows a malicious user to inject arbitrary HTML into the ENS HX Malware Scan Name field, resulting in the exposure of sensitive data. | ||
| CVE-2024-9679 | Med | 0.34 | 5.3 | 0.00 | Dec 16, 2024 | A Hardcoded Cryptographic key vulnerability existed in DLP Extension 11.11.1.3 which allowed the decryption of previously encrypted user credentials. | ||
| CVE-2024-9678 | Med | 0.32 | 4.9 | 0.01 | Dec 16, 2024 | An SQL Injection vulnerability existed in DLP Extension 11.11.1.3. The vulnerability allowed an attacker to perform arbitrary SQL queries potentially leading to command execution. | ||
| CVE-2023-6072 | Med | 0.30 | 4.6 | 0.00 | Feb 13, 2024 | A cross-site scripting vulnerability in Trellix Central Management (CM) prior to 9.1.3.97129 allows a remote authenticated attacker to craft CM dashboard internal requests causing arbitrary content to be injected into the response when accessing the CM dashboard. | ||
| CVE-2025-3722 | Med | 0.29 | 4.4 | 0.00 | Jun 26, 2025 | A path traversal vulnerability in System Information Reporter (SIR) 1.0.3 and prior allowed an authenticated high privileged user to issue malicious ePO post requests to System Information Reporter, leading to creation of files anywhere on the filesystem and possibly… | ||
| CVE-2023-3438 | Med | 0.29 | 4.4 | 0.00 | Jul 3, 2023 | An unquoted Windows search path vulnerability existed in the install the MOVE 4.10.x and earlier Windows install service (mvagtsce.exe). The misconfiguration allowed an unauthorized local user to insert arbitrary code into the unquoted service path to obtain privilege… | ||
| CVE-2023-0221 | Med | 0.29 | 4.4 | 0.00 | Jan 13, 2023 | Product security bypass vulnerability in ACC prior to version 8.3.4 allows a locally logged-in attacker with administrator privileges to bypass the execution controls provided by ACC using the utilman program. | ||
| CVE-2024-6398 | Med | 0.28 | 4.3 | 0.00 | Jul 15, 2024 | An information disclosure vulnerability in SWG in versions 12.x prior to 12.2.10 and 11.x prior to 11.2.24 allows information stored in a customizable block page to be disclosed to third-party websites due to Same Origin Policy Bypass of browsers in certain scenarios. The risk… | ||
| CVE-2024-4843 | Med | 0.28 | 4.3 | 0.00 | May 16, 2024 | ePO doesn't allow a regular privileged user to delete tasks or assignments. Insecure direct object references that allow a least privileged user to manipulate the client task and client task assignments, hence escalating his/her privilege. | ||
| CVE-2024-4176 | Med | 0.27 | 4.1 | 0.00 | Jun 13, 2024 | An Cross site scripting vulnerability in the EDR XConsole before this release allowed an attacker to potentially leverage an XSS/HTML-Injection using command line variables. A malicious threat actor could execute commands on the victim's browser for sending carefully crafted… | ||
| CVE-2025-14963 | 0.00 | — | 0.00 | Feb 24, 2026 | A vulnerability identified in the HX Agent driver file fekern.sys allowed a threat actor with local user access the ability to gain elevated system privileges. Utilization of a Bring Your Own Vulnerable Driver (BYOVD) was leveraged to gain access to the critical Windows process… |
- risk 0.64cvss 9.8epss 0.01
Insecure Deserialization in some workflows of the IPS Manager allows unauthenticated remote attackers to perform arbitrary code execution and access to the vulnerable Trellix IPS Manager.
- risk 0.55cvss 8.4epss 0.01
An Improper Neutralization of Special Elements used in a command vulnerability in ESM prior to version 11.6.9 allows a remote administrator to execute arbitrary code as root on the ESM. This is possible as the input isn't correctly sanitized when adding a new data source.
- risk 0.55cvss 8.4epss 0.01
An improper limitation of a path name to a restricted directory (path traversal) vulnerability in the TACC ePO extension, for on-premises ePO servers, prior to version 8.4.0 could lead to an authorised administrator attacker executing arbitrary code through uploading a…
- risk 0.53cvss 8.2epss 0.00
A buffer overflow vulnerability in TA for Linux and TA for MacOS prior to 5.8.1 allows a local user to gain elevated permissions, or cause a Denial of Service (DoS), through exploiting a memory corruption issue in the TA service, which runs as root. This may also result in the…
- risk 0.53cvss 8.1epss 0.01
A vulnerability arises out of a failure to comprehensively sanitize the processing of a zip file(s). Incomplete neutralization of external commands used to control the process execution of the .zip application allows an authorized user to obtain control of the .zip application…
- risk 0.53cvss 8.2epss 0.00
A vulnerability exists in Trellix Agent for Windows version 5.7.8 and earlier, that allows local users, during install/upgrade workflow, to replace one of the Agent’s executables before it can be executed. This allows the user to elevate their permissions.
- risk 0.53cvss 8.2epss 0.00
A DLL hijacking vulnerability in the MA Smart Installer for Windows prior to 5.7.7, which allows local users to execute arbitrary code and obtain higher privileges via careful placement of a malicious DLL into the folder from where the Smart installer is being executed.
- risk 0.52cvss 8.0epss 0.00
A Cross Site Request Forgery vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2 allows a remote low privilege user to successfully add a new user with administrator privileges to the ePO server. This impacts the dashboard area of the user interface. To exploit…
- risk 0.51cvss 7.8epss 0.00
An OS common injection vulnerability exists in the ESM certificate API, whereby incorrectly neutralized special elements may have allowed an unauthorized user to execute system command injection for the purpose of privilege escalation or to execute arbitrary commands.
- risk 0.49cvss 7.5epss 0.00
Hardcoded credentials vulnerability in Trellix ePolicy Orchestrator (ePO) on Premise prior to 5.10 Service Pack 1 Update 2 allows an attacker with admin privileges on the ePO server to read the contents of the orion.keystore file, allowing them to access the ePO database…
- risk 0.46cvss 7.1epss 0.00
A path or symbolic link manipulation vulnerability in SIR 1.0.3 and prior versions allows an authenticated non-admin local user to overwrite system files with SIR backup files, which can potentially cause a system crash. This was achieved by adding a malicious entry to the…
- risk 0.46cvss 7.1epss 0.00
A symbolic link manipulation vulnerability in Trellix Anti-Malware Engine prior to the January 2024 release allows an authenticated local user to potentially gain an escalation of privileges. This was achieved by adding an entry to the registry under the Trellix ENS registry…
- risk 0.46cvss 7.1epss 0.00
A Privilege escalation vulnerability exists in Trellix Windows DLP endpoint for windows which can be abused to delete any file/folder for which the user does not have permission to.
- risk 0.44cvss 6.8epss 0.00
A vulnerability in the IPS Manager, Central Manager, and Local Manager communication workflow allows an attacker to control the destination of a request by manipulating the parameter, thereby leveraging sensitive information.
- risk 0.44cvss 6.7epss 0.01
A heap-based overflow vulnerability in Trellix Agent (Windows and Linux) version 5.7.8 and earlier, allows a remote user to alter the page heap in the macmnsvc process memory block resulting in the service becoming unavailable.
- risk 0.44cvss 6.7epss 0.00
An uncontrolled search path vulnerability exists in Trellix Agent (TA) for Windows in versions prior to 5.7.8. This allows an attacker with admin access, which is required to place the DLL in the restricted Windows System folder, to elevate their privileges to System by placing…
- risk 0.43cvss 6.1epss 0.02
A cross-site scripting vulnerability in Skyhigh SWG in main releases 11.x prior to 11.2.6, 10.x prior to 10.2.17, and controlled release 12.x prior to 12.0.1 allows a remote attacker to craft SWG-specific internal requests with URL paths to any third-party website, causing…
- risk 0.42cvss 6.5epss 0.00
This vulnerability allows unauthenticated remote attackers to bypass authentication and gain partial data access to the vulnerable Trellix IPS Manager with garbage data in response mostly
- risk 0.42cvss 6.5epss 0.00
An Improper Privilege Management vulnerability in Trellix GetSusp prior to version 5.0.0.27 allows a local, low privilege attacker to gain access to files that usually require a higher privilege level. This is caused by GetSusp not correctly protecting a directory that it…
- risk 0.42cvss 6.4epss 0.00
A command injection vulnerability in Trellix Intelligent Sandbox CLI for version 5.2 and earlier, allows a local user to inject and execute arbitrary operating system commands using specially crafted strings. This vulnerability is due to insufficient validation of arguments…
- risk 0.42cvss 6.5epss 0.00
Privilege escalation vulnerability in DXL Broker for Windows prior to 6.0.0.280 allows local users to gain elevated privileges by exploiting weak directory controls in the logs directory. This can lead to a denial-of-service attack on the DXL Broker.
- risk 0.42cvss 6.5epss 0.01
Improper Restriction of XML External Entity Reference vulnerability in DLP Endpoint for Windows prior to 11.9.100 allows a remote attacker to cause the DLP Agent to access a local service that the attacker wouldn't usually have access to via a carefully constructed XML file,…
- risk 0.41cvss 6.3epss 0.00
This vulnerability allows unauthenticated remote attackers to bypass authentication and gain APIs access of the Manager.
- risk 0.41cvss 6.3epss 0.01
A heap-based overflow vulnerability in TA prior to version 5.7.9 allows a remote user to alter the page heap in the macmnsvc process memory block, resulting in the service becoming unavailable.
- risk 0.41cvss 6.3epss 0.01
A command Injection Vulnerability in TA for mac-OS prior to version 5.7.9 allows local users to place an arbitrary file into the /Library/Trellix/Agent/bin/ folder. The malicious file is executed by running the TA deployment feature located in the System Tree.
- risk 0.38cvss 5.9epss 0.00
An attacker with access to an HX 10.0.0 and previous versions, may send specially-crafted data to the HX console. The malicious detection would then trigger file parsing containing exponential entity expansions in the consumer process thus causing a Denial of Service.
- risk 0.38cvss 5.9epss 0.00
An authenticated user can access the restricted files from NX, EX, FX, AX, IVX and CMS using path traversal.
- risk 0.38cvss 5.9epss 0.00
The protection bypass vulnerability in DLP for Windows 11.9.x is addressed in version 11.10.0. This allowed a local user to bypass DLP controls when uploading sensitive data from a mapped drive into a web email client. Loading from a local driver was correctly prevented.…
- risk 0.38cvss 5.9epss 0.01
XML External Entity (XXE) vulnerability in Trellix IPS Manager prior to 10.1 M8 allows a remote authenticated administrator to perform XXE attack in the administrator interface part of the interface, which allows a saved XML configuration file to be imported.
- risk 0.36cvss 5.5epss 0.00
A sensitive information exposure vulnerability in System Information Reporter (SIR) 1.0.3 and prior allows an authenticated non-admin local user to extract sensitive information stored in a registry backup folder.
- risk 0.36cvss 5.5epss 0.00
A malicious insider can uninstall Skyhigh Client Proxy without a valid uninstall password.
- risk 0.36cvss 5.5epss 0.00
A code injection vulnerability in Trellix ENS 10.7.0 April 2023 release and earlier, allowed a local user to disable the ENS AMSI component via environment variables, leading to denial of service and or the execution of arbitrary code.
- risk 0.36cvss 5.5epss 0.00
Improper preservation of permissions vulnerability in Trellix Endpoint Agent (xAgent) prior to V35.31.22 on Windows allows a local user with administrator privileges to bypass the product protection to uninstall the agent via incorrectly applied permissions in the removal…
- risk 0.35cvss 5.4epss 0.00
Cross-site scripting vulnerability in Trellix ePolicy Orchestrator prior to ePO 5.10 Service Pack 1 Update 3 allows a remote authenticated attacker to craft requests causing arbitrary content to be injected into the response when accessing the epolicy Orchestrator.
- risk 0.35cvss 5.4epss 0.00
An open redirect vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2, allows a remote low privileged user to modify the URL parameter for the purpose of redirecting URL request(s) to a malicious site. This impacts the dashboard area of the user interface. A user…
- risk 0.35cvss 5.4epss 0.00
A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 SP1 Update 1allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator's session by convincing the authenticated ePO administrator to click on a carefully crafted link.…
- risk 0.35cvss 5.4epss 0.01
A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 Update 14 allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator's session by convincing the authenticated ePO administrator to click on a carefully crafted link.…
- risk 0.35cvss 5.4epss 0.00
An External XML entity (XXE) vulnerability in ePO prior to 5.10 Update 14 can lead to an unauthenticated remote attacker to potentially trigger a Server Side Request Forgery attack. This can be exploited by mimicking the Agent Handler call to ePO and passing the carefully…
- risk 0.34cvss —epss 0.00
A stored cross-site scripting vulnerability in ENS HX 10.0.4 allows a malicious user to inject arbitrary HTML into the ENS HX Malware Scan Name field, resulting in the exposure of sensitive data.
- risk 0.34cvss 5.3epss 0.00
A Hardcoded Cryptographic key vulnerability existed in DLP Extension 11.11.1.3 which allowed the decryption of previously encrypted user credentials.
- risk 0.32cvss 4.9epss 0.01
An SQL Injection vulnerability existed in DLP Extension 11.11.1.3. The vulnerability allowed an attacker to perform arbitrary SQL queries potentially leading to command execution.
- risk 0.30cvss 4.6epss 0.00
A cross-site scripting vulnerability in Trellix Central Management (CM) prior to 9.1.3.97129 allows a remote authenticated attacker to craft CM dashboard internal requests causing arbitrary content to be injected into the response when accessing the CM dashboard.
- risk 0.29cvss 4.4epss 0.00
A path traversal vulnerability in System Information Reporter (SIR) 1.0.3 and prior allowed an authenticated high privileged user to issue malicious ePO post requests to System Information Reporter, leading to creation of files anywhere on the filesystem and possibly…
- risk 0.29cvss 4.4epss 0.00
An unquoted Windows search path vulnerability existed in the install the MOVE 4.10.x and earlier Windows install service (mvagtsce.exe). The misconfiguration allowed an unauthorized local user to insert arbitrary code into the unquoted service path to obtain privilege…
- risk 0.29cvss 4.4epss 0.00
Product security bypass vulnerability in ACC prior to version 8.3.4 allows a locally logged-in attacker with administrator privileges to bypass the execution controls provided by ACC using the utilman program.
- risk 0.28cvss 4.3epss 0.00
An information disclosure vulnerability in SWG in versions 12.x prior to 12.2.10 and 11.x prior to 11.2.24 allows information stored in a customizable block page to be disclosed to third-party websites due to Same Origin Policy Bypass of browsers in certain scenarios. The risk…
- risk 0.28cvss 4.3epss 0.00
ePO doesn't allow a regular privileged user to delete tasks or assignments. Insecure direct object references that allow a least privileged user to manipulate the client task and client task assignments, hence escalating his/her privilege.
- risk 0.27cvss 4.1epss 0.00
An Cross site scripting vulnerability in the EDR XConsole before this release allowed an attacker to potentially leverage an XSS/HTML-Injection using command line variables. A malicious threat actor could execute commands on the victim's browser for sending carefully crafted…
- CVE-2025-14963Feb 24, 2026risk 0.00cvss —epss 0.00
A vulnerability identified in the HX Agent driver file fekern.sys allowed a threat actor with local user access the ability to gain elevated system privileges. Utilization of a Bring Your Own Vulnerable Driver (BYOVD) was leveraged to gain access to the critical Windows process…