History: Oct 18, 2022 - 12:00 a.m.

CVE-2022-3339 Reflected XSS in Trellix ePO server

Published: 2022-10-18 00:00:00
CWE-79
trellix
www.cve.org
cve-2022-3339

CVSS3 base score: 5.4 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

EPSS score: 0.001 Low (percentile 49.3%)

A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 Update 14 allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator’s session by convincing the authenticated ePO administrator to click on a carefully crafted link. This would lead to limited access to sensitive information and limited ability to alter some information in ePO.

CNA Affected

[
  {
    "vendor": "Trellix",
    "product": "Trellix ePolicy Orchestrator (ePO)",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "5.10 Update 14",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

