Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Fireeye Security Vulnerabilities

cve
cve

CVE-2020-25034

eMPS prior to eMPS 9.0 FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the sort, sort_by, search{URL], or search[attachment] parameter to the email search feature.

6.5CVSS

6.7AI Score

0.001EPSS

2020-10-26 07:15 PM
22
cve
cve

CVE-2021-28969

eMPS 9.0.1.923211 on FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the sort_by parameter to the email search feature. According to the vendor, the issue is fixed in 9.0.3. NOTE: this is different from CVE-2020-25034 and affects newer versions of the ...

6.5CVSS

6.5AI Score

0.001EPSS

2021-04-01 08:15 PM
49
3
cve
cve

CVE-2021-28970

eMPS 9.0.1.923211 on the Central Management of FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the job_id parameter to the email search feature. According to the vendor, the issue is fixed in 9.0.3.

6.5CVSS

6.5AI Score

0.001EPSS

2021-04-01 08:15 PM
54
cve
cve

CVE-2024-0314

XSS vulnerability in FireEye Central Management affecting version 9.1.1.956704, which could allow an attacker to modify special HTML elements in the application and cause a reflected XSS, leading to a session hijacking.

6.1CVSS

5.9AI Score

0.0005EPSS

2024-01-15 04:15 PM
15
cve
cve

CVE-2024-0315

Remote file inclusion vulnerability in FireEye Central Management affecting version 9.1.1.956704. This vulnerability allows an attacker to upload a malicious PDF file to the system during the report creation process.

7.8CVSS

7.5AI Score

0.001EPSS

2024-01-15 04:15 PM
16
cve
cve

CVE-2024-0316

Improper cleanup vulnerability in exceptions thrown in FireEye Endpoint Security, affecting version 5.2.0.958244. This vulnerability could allow an attacker to send multiple request packets to the containment_notify/preview parameter, which could lead to a service outage.

7.5CVSS

7.4AI Score

0.0005EPSS

2024-01-15 04:15 PM
14
cve
cve

CVE-2024-0317

Cross-Site Scripting in FireEye EX, affecting version 9.0.3.936727. Exploitation of this vulnerability allows an attacker to send a specially crafted JavaScript payload via the 'type' and 's_f_name' parameters to an authenticated user to retrieve their session details.

6.1CVSS

5.9AI Score

0.0005EPSS

2024-01-15 05:15 PM
10
cve
cve

CVE-2024-0318

Cross-Site Scripting in FireEye HXTool affecting version 4.6. This vulnerability allows an attacker to store a specially crafted JavaScript payload in the 'Profile Name' and 'Hostname/IP' parameters that will be triggered when items are loaded.

6.1CVSS

5.9AI Score

0.0005EPSS

2024-01-15 05:15 PM
16
cve
cve

CVE-2024-0319

Open Redirect vulnerability in FireEye HXTool affecting version 4.6, the exploitation of which could allow an attacker to redirect a legitimate user to a malicious page by changing the 'redirect_uri' parameter.

6.1CVSS

6.1AI Score

0.0005EPSS

2024-01-15 05:15 PM
17
cve
cve

CVE-2024-0320

Cross-Site Scripting in FireEye Malware Analysis (AX) affecting version 9.0.3.936530. This vulnerability allows an attacker to send a specially crafted JavaScript payload in the application URL to retrieve the session details of a legitimate user.

6.1CVSS

5.9AI Score

0.0005EPSS

2024-01-15 05:15 PM
7