3 matches found
CVE-2023-5444
A Cross Site Request Forgery vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2 allows a remote low privilege user to successfully add a new user with administrator privileges to the ePO server. This impacts the dashboard area of the user interface. To exploit this the attacker mu...
CVE-2023-5444 CSRF in ePO leading to privilege escalation
A Cross Site Request Forgery vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2 allows a remote low privilege user to successfully add a new user with administrator privileges to the ePO server. This impacts the dashboard area of the user interface. To exploit this the attacker mu...
CVE-2023-5444
CVE-2023-5444 involves Trellix ePolicy Orchestrator before 5.10.0 CP1 Update 2. a CSRF allows a remote low-privilege attacker to add a new administrator user, impacting the dashboard UI. The exploit reportedly requires altering the HTTP payload post submission before it reaches the ePO server. Af...