Lucene search

TrellixCVELIST:CVE-2023-5445

HistoryNov 17, 2023 - 10:01 a.m.

CVE-2023-5445

2023-11-1710:01:36

CWE-601

trellix

www.cve.org

cve-2023-5445

remote user

low privileged

modify url parameter

malicious site

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

5.6 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.1%

JSON

An open redirect vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2, allows a remote low privileged user to modify the URL parameter for the purpose of redirecting URL request(s) to a malicious site. This impacts the dashboard area of the user interface. A user would need to be logged into ePO to trigger this vulnerability. To exploit this the attacker must change the HTTP payload post submission, prior to it reaching the ePO server.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ePolicy Orchestrator",
    "vendor": "Trellix",
    "versions": [
      {
        "status": "affected",
        "version": "Prior to 5.10.0 SP1 UP2"
      }
    ]
  }
]

References

kcm.trellix.com/corporate/index?page=content&id=SB10410

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

5.6 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.1%

JSON

Related for CVELIST:CVE-2023-5445