Lucene search

TrellixCVELIST:CVE-2023-3946

HistoryJul 26, 2023 - 5:10 a.m.

CVE-2023-3946

2023-07-2605:10:44

CWE-79

trellix

www.cve.org

xss vulnerability

epo

session hijack

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

29.9%

JSON

A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 SP1 Update 1allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator’s session by convincing the authenticated ePO administrator to click on a carefully crafted link. This would lead to limited access to sensitive information and limited ability to alter some information in ePO.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "Trellix EPO",
    "vendor": "Trellix",
    "versions": [
      {
        "lessThan": " 5.10.0 SP1 UP1",
        "status": "affected",
        "version": " ",
        "versionType": "custom"
      }
    ]
  }
]

References

kcm.trellix.com/corporate/index?page=content&id=SB10402

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

29.9%

JSON

Related for CVELIST:CVE-2023-3946