22 matches found
EUVD-2024-44425
Malicious code in bioql PyPI...
EUVD-2024-47160
Malicious code in bioql PyPI...
CVE-2024-5955
Cross-site scripting vulnerability in Trellix ePolicy Orchestrator prior to ePO 5.10 Service Pack 1 Update 3 allows a remote authenticated attacker to craft requests causing arbitrary content to be injected into the response when accessing the epolicy Orchestrator...
CVE-2024-4844
Hardcoded credentials vulnerability in Trellix ePolicy Orchestrator ePO on Premise prior to 5.10 Service Pack 1 Update 2 allows an attacker with admin privileges on the ePO server to read the contents of the orion.keystore file, allowing them to access the ePO database encryption key. This was...
CVE-2024-5955
Cross-site scripting vulnerability in Trellix ePolicy Orchestrator prior to ePO 5.10 Service Pack 1 Update 3 allows a remote authenticated attacker to craft requests causing arbitrary content to be injected into the response when accessing the epolicy Orchestrator...
CVE-2024-5955
Cross-site scripting vulnerability in Trellix ePolicy Orchestrator prior to ePO 5.10 Service Pack 1 Update 3 allows a remote authenticated attacker to craft requests causing arbitrary content to be injected into the response when accessing the epolicy Orchestrator...
CVE-2024-5955
Summary: CVE-2024-5955 is a cross-site scripting vulnerability in Trellix ePolicy Orchestrator (ePO) prior to 5.10 Service Pack 1 Update 3. The issue allows a remote authenticated attacker to craft requests that inject arbitrary content into the response when accessing ePolicy Orchestrator. Affec...
CVE-2024-5955
Cross-site scripting vulnerability in Trellix ePolicy Orchestrator prior to ePO 5.10 Service Pack 1 Update 3 allows a remote authenticated attacker to craft requests causing arbitrary content to be injected into the response when accessing the epolicy Orchestrator...
Trellix ePolicy Orchestrator 跨站脚本漏洞
Trellix ePolicy Orchestrator is a centralized security management platform from FireEye Trellix USA. A cross-site scripting vulnerability exists in Trellix ePolicy Orchestrator versions prior to 5.10 Service Pack 1 Update 3. An attacker could use this vulnerability to inject arbitrary content int...
PT-2024-37268 · Trellix · Trellix Epolicy Orchestrator
Name of the Vulnerable Software and Affected Versions: Trellix ePolicy Orchestrator versions prior to 5.10 Service Pack 1 Update 3 Description: A cross-site scripting issue allows a remote authenticated attacker to craft requests that cause arbitrary content to be injected into the response when...
CVE-2024-4844
Hardcoded credentials vulnerability in Trellix ePolicy Orchestrator ePO on Premise prior to 5.10 Service Pack 1 Update 2 allows an attacker with admin privileges on the ePO server to read the contents of the orion.keystore file, allowing them to access the ePO database encryption key. This was...
CVE-2024-4844
Hardcoded credentials vulnerability in Trellix ePolicy Orchestrator ePO on Premise prior to 5.10 Service Pack 1 Update 2 allows an attacker with admin privileges on the ePO server to read the contents of the orion.keystore file, allowing them to access the ePO database encryption key. This was...
Trellix ePolicy Orchestrator 信任管理问题漏洞
Trellix ePolicy Orchestrator is a centralized security management platform from Trellix. A trust management issue vulnerability exists in Trellix ePolicy Orchestrator versions prior to 5.10 that stems from the use of hard-coded credentials that allow an attacker with administrator privileges to...
Trellix ePolicy Orchestrator 安全漏洞
Trellix ePolicy Orchestrator is a centralized security management platform from Trellix. A security vulnerability exists in Trellix ePolicy Orchestrator versions prior to 5.10 that stems from the presence of an insecure direct object reference that allows a low-privileged user to manipulate clien...
PT-2024-33110 · Trellix · Trellix Epolicy Orchestrator
Name of the Vulnerable Software and Affected Versions: Trellix ePolicy Orchestrator ePO on Premise versions prior to 5.10 Service Pack 1 Update 2 Description: A hardcoded credentials issue allows an attacker with admin privileges on the ePO server to read the contents of the orion.keystore file,...
Trellix ePolicy Orchestrator Input Validation Error Vulnerability
Trellix ePolicy Orchestrator is a centralized security management platform from Trellix. A security vulnerability exists in Trellix ePolicy Orchestrator versions prior to 5.10.0 CP1 Update 2 that stems from the presence of an open redirection vulnerability. A low-privileged attacker can exploit t...
Trellix ePolicy Orchestrator Cross-Site Request Forgery Vulnerability
Trellix ePolicy Orchestrator is a centralized security management platform from Trellix. A security vulnerability exists in Trellix ePolicy Orchestrator versions prior to 5.10.0 CP1 Update 2 that stems from the presence of a cross-site request forgery CSRF vulnerability. A low-privileged attacker...
Trellix ePolicy Orchestrator 跨站脚本漏洞
Trellix ePolicy Orchestrator is a centralized security management platform from Trellix. A security vulnerability exists in Trellix ePolicy Orchestrator versions prior to 5.10 SP1 Update 1, which stems from the presence of a Reflective Cross-Site Scripting XSS vulnerability. The vulnerability can...
Vulnerabilities fixed in Trellix ePolicy Orchestrator
Vulnerabilities have been fixed in Trellix ePolicy Orchestrator. The vulnerabilities allow a malicious party to perform attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Remote code execution User Rights. Access to system data For the vulnerabili...
Trellix ePolicy Orchestrator 跨站脚本漏洞
Trellix ePolicy Orchestrator is a centralized security management platform from Trellix. A security vulnerability exists in Trellix ePolicy Orchestrator. No information about this vulnerability is available at this time, so stay tuned to CNNVD or the vendor announcement...