Vulnerabilities > Trellix > High

DATE CVE VULNERABILITY TITLE RISK
2024-09-05 CVE-2024-5957 Improper Authentication vulnerability in Trellix Intrusion Prevention System Manager 10.1
This vulnerability allows unauthenticated remote attackers to bypass authentication and gain APIs access of the Manager.
network
low complexity
trellix CWE-287
7.5
2024-01-09 CVE-2024-0206 Link Following vulnerability in Trellix Anti-Malware Engine 6600
A symbolic link manipulation vulnerability in Trellix Anti-Malware Engine prior to the January 2024 release allows an authenticated local user to potentially gain an escalation of privileges.
local
low complexity
trellix CWE-59
7.8
2024-01-09 CVE-2024-0213 Classic Buffer Overflow vulnerability in Trellix Agent
A buffer overflow vulnerability in TA for Linux and TA for MacOS prior to 5.8.1 allows a local user to gain elevated permissions, or cause a Denial of Service (DoS), through exploiting a memory corruption issue in the TA service, which runs as root.
local
low complexity
trellix CWE-120
7.8
2023-11-30 CVE-2023-6071 Command Injection vulnerability in Trellix Enterprise Security Manager 11.6.3/11.6.7/11.6.8
An Improper Neutralization of Special Elements used in a command vulnerability in ESM prior to version 11.6.9 allows a remote administrator to execute arbitrary code as root on the ESM.
network
low complexity
trellix CWE-77
7.2
2023-11-27 CVE-2023-5607 Path Traversal vulnerability in Trellix Application and Change Control
An improper limitation of a path name to a restricted directory (path traversal) vulnerability in the TACC ePO extension, for on-premises ePO servers, prior to version 8.4.0 could lead to an authorised administrator attacker executing arbitrary code through uploading a specially crafted GTI reputation file.
network
low complexity
trellix CWE-22
7.2
2023-11-16 CVE-2023-6119 Improper Privilege Management vulnerability in Trellix Getsusp
An Improper Privilege Management vulnerability in Trellix GetSusp prior to version 5.0.0.27 allows a local, low privilege attacker to gain access to files that usually require a higher privilege level.
local
low complexity
trellix CWE-269
7.8
2023-10-04 CVE-2023-3665 Code Injection vulnerability in Trellix Endpoint Security
A code injection vulnerability in Trellix ENS 10.7.0 April 2023 release and earlier, allowed a local user to disable the ENS AMSI component via environment variables, leading to denial of service and or the execution of arbitrary code.
local
low complexity
trellix CWE-94
7.8
2023-09-14 CVE-2023-4814 Incorrect Authorization vulnerability in Trellix Data Loss Prevention 11.10.100.17
A Privilege escalation vulnerability exists in Trellix Windows DLP endpoint for windows which can be abused to delete any file/folder for which the user does not have permission to.
local
low complexity
trellix CWE-863
7.1
2023-07-03 CVE-2023-3314 OS Command Injection vulnerability in Trellix Enterprise Security Manager 11.6.3
A vulnerability arises out of a failure to comprehensively sanitize the processing of a zip file(s).
network
low complexity
trellix CWE-78
8.8
2023-07-03 CVE-2023-3313 OS Command Injection vulnerability in Trellix Enterprise Security Manager 11.6.3
An OS common injection vulnerability exists in the ESM certificate API, whereby incorrectly neutralized special elements may have allowed an unauthorized user to execute system command injection for the purpose of privilege escalation or to execute arbitrary commands.
local
low complexity
trellix CWE-78
7.8