VYPR

Vendor CVEs

Trellix

All CVEs

49 total · sorted by risk
  • CVE-2024-5671CriJun 14, 2024
    risk 0.64cvss 9.8epss 0.01

    Insecure Deserialization in some workflows of the IPS Manager allows unauthenticated remote attackers to perform arbitrary code execution and access to the vulnerable Trellix IPS Manager.

  • CVE-2023-6071HigNov 30, 2023
    risk 0.55cvss 8.4epss 0.01

    An Improper Neutralization of Special Elements used in a command vulnerability in ESM prior to version 11.6.9 allows a remote administrator to execute arbitrary code as root on the ESM. This is possible as the input isn't correctly sanitized when adding a new data source.

  • CVE-2023-5607HigNov 27, 2023
    risk 0.55cvss 8.4epss 0.01

    An improper limitation of a path name to a restricted directory (path traversal) vulnerability in the TACC ePO extension, for on-premises ePO servers, prior to version 8.4.0 could lead to an authorised administrator attacker executing arbitrary code through uploading a…

  • CVE-2024-0213HigJan 9, 2024
    risk 0.53cvss 8.2epss 0.00

    A buffer overflow vulnerability in TA for Linux and TA for MacOS prior to 5.8.1 allows a local user to gain elevated permissions, or cause a Denial of Service (DoS), through exploiting a memory corruption issue in the TA service, which runs as root. This may also result in the…

  • CVE-2023-3314HigJul 3, 2023
    risk 0.53cvss 8.1epss 0.01

    A vulnerability arises out of a failure to comprehensively sanitize the processing of a zip file(s). Incomplete neutralization of external commands used to control the process execution of the .zip application allows an authorized user to obtain control of the .zip application…

  • CVE-2023-0975HigApr 3, 2023
    risk 0.53cvss 8.2epss 0.00

    A vulnerability exists in Trellix Agent for Windows version 5.7.8 and earlier, that allows local users, during install/upgrade workflow, to replace one of the Agent’s executables before it can be executed. This allows the user to elevate their permissions.

  • CVE-2022-2313HigJul 27, 2022
    risk 0.53cvss 8.2epss 0.00

    A DLL hijacking vulnerability in the MA Smart Installer for Windows prior to 5.7.7, which allows local users to execute arbitrary code and obtain higher privileges via careful placement of a malicious DLL into the folder from where the Smart installer is being executed.

  • CVE-2023-5444HigNov 17, 2023
    risk 0.52cvss 8.0epss 0.00

    A Cross Site Request Forgery vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2 allows a remote low privilege user to successfully add a new user with administrator privileges to the ePO server. This impacts the dashboard area of the user interface. To exploit…

  • CVE-2023-3313HigJul 3, 2023
    risk 0.51cvss 7.8epss 0.00

    An OS common injection vulnerability exists in the ESM certificate API, whereby incorrectly neutralized special elements may have allowed an unauthorized user to execute system command injection for the purpose of privilege escalation or to execute arbitrary commands.

  • CVE-2024-4844HigMay 16, 2024
    risk 0.49cvss 7.5epss 0.00

    Hardcoded credentials vulnerability in Trellix ePolicy Orchestrator (ePO) on Premise prior to 5.10 Service Pack 1 Update 2 allows an attacker with admin privileges on the ePO server to read the contents of the orion.keystore file, allowing them to access the ePO database…

  • CVE-2025-3771HigJun 26, 2025
    risk 0.46cvss 7.1epss 0.00

    A path or symbolic link manipulation vulnerability in SIR 1.0.3 and prior versions allows an authenticated non-admin local user to overwrite system files with SIR backup files, which can potentially cause a system crash. This was achieved by adding a malicious entry to the…

  • CVE-2024-0206HigJan 9, 2024
    risk 0.46cvss 7.1epss 0.00

    A symbolic link manipulation vulnerability in Trellix Anti-Malware Engine prior to the January 2024 release allows an authenticated local user to potentially gain an escalation of privileges. This was achieved by adding an entry to the registry under the Trellix ENS registry…

  • CVE-2023-4814HigSep 14, 2023
    risk 0.46cvss 7.1epss 0.00

    A Privilege escalation vulnerability exists in Trellix Windows DLP endpoint for windows which can be abused to delete any file/folder for which the user does not have permission to.

  • CVE-2024-5731MedJun 14, 2024
    risk 0.44cvss 6.8epss 0.00

    A vulnerability in the IPS Manager, Central Manager, and Local Manager communication workflow allows an attacker to control the destination of a request by manipulating the parameter, thereby leveraging sensitive information.

  • CVE-2023-0977MedApr 3, 2023
    risk 0.44cvss 6.7epss 0.01

    A heap-based overflow vulnerability in Trellix Agent (Windows and Linux) version 5.7.8 and earlier, allows a remote user to alter the page heap in the macmnsvc process memory block resulting in the service becoming unavailable.

  • CVE-2022-3859MedNov 30, 2022
    risk 0.44cvss 6.7epss 0.00

    An uncontrolled search path vulnerability exists in Trellix Agent (TA) for Windows in versions prior to 5.7.8. This allows an attacker with admin access, which is required to place the DLL in the restricted Windows System folder, to elevate their privileges to System by placing…

  • CVE-2023-0214MedJan 18, 2023
    risk 0.43cvss 6.1epss 0.02

    A cross-site scripting vulnerability in Skyhigh SWG in main releases 11.x prior to 11.2.6, 10.x prior to 10.2.17, and controlled release 12.x prior to 12.0.1 allows a remote attacker to craft SWG-specific internal requests with URL paths to any third-party website, causing…

  • CVE-2024-5956MedSep 5, 2024
    risk 0.42cvss 6.5epss 0.00

    This vulnerability allows unauthenticated remote attackers to bypass authentication and gain partial data access to the vulnerable Trellix IPS Manager with garbage data in response mostly

  • CVE-2023-6119MedNov 16, 2023
    risk 0.42cvss 6.5epss 0.00

    An Improper Privilege Management vulnerability in Trellix GetSusp prior to version 5.0.0.27 allows a local, low privilege attacker to gain access to files that usually require a higher privilege level. This is caused by GetSusp not correctly protecting a directory that it…

  • CVE-2023-0978MedMar 13, 2023
    risk 0.42cvss 6.4epss 0.00

    A command injection vulnerability in Trellix Intelligent Sandbox CLI for version 5.2 and earlier, allows a local user to inject and execute arbitrary operating system commands using specially crafted strings. This vulnerability is due to insufficient validation of arguments…

  • CVE-2022-2188MedNov 7, 2022
    risk 0.42cvss 6.5epss 0.00

    Privilege escalation vulnerability in DXL Broker for Windows prior to 6.0.0.280 allows local users to gain elevated privileges by exploiting weak directory controls in the logs directory. This can lead to a denial-of-service attack on the DXL Broker.

  • CVE-2022-2330MedAug 30, 2022
    risk 0.42cvss 6.5epss 0.01

    Improper Restriction of XML External Entity Reference vulnerability in DLP Endpoint for Windows prior to 11.9.100 allows a remote attacker to cause the DLP Agent to access a local service that the attacker wouldn't usually have access to via a carefully constructed XML file,…

  • CVE-2024-5957MedSep 5, 2024
    risk 0.41cvss 6.3epss 0.00

    This vulnerability allows unauthenticated remote attackers to bypass authentication and gain APIs access of the Manager.

  • CVE-2023-1388MedJun 7, 2023
    risk 0.41cvss 6.3epss 0.01

    A heap-based overflow vulnerability in TA prior to version 5.7.9 allows a remote user to alter the page heap in the macmnsvc process memory block, resulting in the service becoming unavailable.

  • CVE-2023-0976MedJun 7, 2023
    risk 0.41cvss 6.3epss 0.01

    A command Injection Vulnerability in TA for mac-OS prior to version 5.7.9 allows local users to place an arbitrary file into the /Library/Trellix/Agent/bin/ folder. The malicious file is executed by running the TA deployment feature located in the System Tree.

  • CVE-2025-0617MedJan 29, 2025
    risk 0.38cvss 5.9epss 0.00

    An attacker with access to an HX 10.0.0 and previous versions, may send specially-crafted data to the HX console. The malicious detection would then trigger file parsing containing exponential entity expansions in the consumer process thus causing a Denial of Service.

  • CVE-2024-7608MedAug 27, 2024
    risk 0.38cvss 5.9epss 0.00

    An authenticated user can access the restricted files from NX, EX, FX, AX, IVX and CMS using path traversal.

  • CVE-2023-0400MedFeb 2, 2023
    risk 0.38cvss 5.9epss 0.00

    The protection bypass vulnerability in DLP for Windows 11.9.x is addressed in version 11.10.0. This allowed a local user to bypass DLP controls when uploading sensitive data from a mapped drive into a web email client. Loading from a local driver was correctly prevented.…

  • CVE-2022-3340MedNov 4, 2022
    risk 0.38cvss 5.9epss 0.01

    XML External Entity (XXE) vulnerability in Trellix IPS Manager prior to 10.1 M8 allows a remote authenticated administrator to perform XXE attack in the administrator interface part of the interface, which allows a saved XML configuration file to be imported.

  • CVE-2025-3773MedJun 26, 2025
    risk 0.36cvss 5.5epss 0.00

    A sensitive information exposure vulnerability in System Information Reporter (SIR) 1.0.3 and prior allows an authenticated non-admin local user to extract sensitive information stored in a registry backup folder.

  • CVE-2024-0312MedMar 14, 2024
    risk 0.36cvss 5.5epss 0.00

    A malicious insider can uninstall Skyhigh Client Proxy without a valid uninstall password.

  • CVE-2023-3665MedOct 4, 2023
    risk 0.36cvss 5.5epss 0.00

    A code injection vulnerability in Trellix ENS 10.7.0 April 2023 release and earlier, allowed a local user to disable the ENS AMSI component via environment variables, leading to denial of service and or the execution of arbitrary code.

  • CVE-2022-4326MedDec 16, 2022
    risk 0.36cvss 5.5epss 0.00

    Improper preservation of permissions vulnerability in Trellix Endpoint Agent (xAgent) prior to V35.31.22 on Windows allows a local user with administrator privileges to bypass the product protection to uninstall the agent via incorrectly applied permissions in the removal…

  • CVE-2024-5955MedDec 20, 2024
    risk 0.35cvss 5.4epss 0.00

    Cross-site scripting vulnerability in Trellix ePolicy Orchestrator prior to ePO 5.10 Service Pack 1 Update 3 allows a remote authenticated attacker to craft requests causing arbitrary content to be injected into the response when accessing the epolicy Orchestrator.

  • CVE-2023-5445MedNov 17, 2023
    risk 0.35cvss 5.4epss 0.00

    An open redirect vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2, allows a remote low privileged user to modify the URL parameter for the purpose of redirecting URL request(s) to a malicious site. This impacts the dashboard area of the user interface. A user…

  • CVE-2023-3946MedJul 26, 2023
    risk 0.35cvss 5.4epss 0.00

    A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 SP1 Update 1allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator's session by convincing the authenticated ePO administrator to click on a carefully crafted link.…

  • CVE-2022-3339MedOct 18, 2022
    risk 0.35cvss 5.4epss 0.01

    A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 Update 14 allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator's session by convincing the authenticated ePO administrator to click on a carefully crafted link.…

  • CVE-2022-3338MedOct 18, 2022
    risk 0.35cvss 5.4epss 0.00

    An External XML entity (XXE) vulnerability in ePO prior to 5.10 Update 14 can lead to an unauthenticated remote attacker to potentially trigger a Server Side Request Forgery attack. This can be exploited by mimicking the Agent Handler call to ePO and passing the carefully…

  • CVE-2025-5967MedJul 1, 2025
    risk 0.34cvss epss 0.00

    A stored cross-site scripting vulnerability in ENS HX 10.0.4 allows a malicious user to inject arbitrary HTML into the ENS HX Malware Scan Name field, resulting in the exposure of sensitive data.

  • CVE-2024-9679MedDec 16, 2024
    risk 0.34cvss 5.3epss 0.00

    A Hardcoded Cryptographic key vulnerability existed in DLP Extension 11.11.1.3 which allowed the decryption of previously encrypted user credentials.

  • CVE-2024-9678MedDec 16, 2024
    risk 0.32cvss 4.9epss 0.01

    An SQL Injection vulnerability existed in DLP Extension 11.11.1.3. The vulnerability allowed an attacker to perform arbitrary SQL queries potentially leading to command execution.

  • CVE-2023-6072MedFeb 13, 2024
    risk 0.30cvss 4.6epss 0.00

    A cross-site scripting vulnerability in Trellix Central Management (CM) prior to 9.1.3.97129 allows a remote authenticated attacker to craft CM dashboard internal requests causing arbitrary content to be injected into the response when accessing the CM dashboard.

  • CVE-2025-3722MedJun 26, 2025
    risk 0.29cvss 4.4epss 0.00

    A path traversal vulnerability in System Information Reporter (SIR) 1.0.3 and prior allowed an authenticated high privileged user to issue malicious ePO post requests to System Information Reporter, leading to creation of files anywhere on the filesystem and possibly…

  • CVE-2023-3438MedJul 3, 2023
    risk 0.29cvss 4.4epss 0.00

    An unquoted Windows search path vulnerability existed in the install the MOVE 4.10.x and earlier Windows install service (mvagtsce.exe). The misconfiguration allowed an unauthorized local user to insert arbitrary code into the unquoted service path to obtain privilege…

  • CVE-2023-0221MedJan 13, 2023
    risk 0.29cvss 4.4epss 0.00

    Product security bypass vulnerability in ACC prior to version 8.3.4 allows a locally logged-in attacker with administrator privileges to bypass the execution controls provided by ACC using the utilman program.

  • CVE-2024-6398MedJul 15, 2024
    risk 0.28cvss 4.3epss 0.00

    An information disclosure vulnerability in SWG in versions 12.x prior to 12.2.10 and 11.x prior to 11.2.24 allows information stored in a customizable block page to be disclosed to third-party websites due to Same Origin Policy Bypass of browsers in certain scenarios. The risk…

  • CVE-2024-4843MedMay 16, 2024
    risk 0.28cvss 4.3epss 0.00

    ePO doesn't allow a regular privileged user to delete tasks or assignments. Insecure direct object references that allow a least privileged user to manipulate the client task and client task assignments, hence escalating his/her privilege.

  • CVE-2024-4176MedJun 13, 2024
    risk 0.27cvss 4.1epss 0.00

    An Cross site scripting vulnerability in the EDR XConsole before this release allowed an attacker to potentially leverage an XSS/HTML-Injection using command line variables. A malicious threat actor could execute commands on the victim's browser for sending carefully crafted…

  • CVE-2025-14963Feb 24, 2026
    risk 0.00cvss epss 0.00

    A vulnerability identified in the HX Agent driver file fekern.sys allowed a threat actor with local user access the ability to gain elevated system privileges. Utilization of a Bring Your Own Vulnerable Driver (BYOVD) was leveraged to gain access to the critical Windows process…