Vulnerabilities > Trellix > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-09-05 CVE-2024-5956 Improper Authentication vulnerability in Trellix Intrusion Prevention System Manager 11.1.7.97
This vulnerability allows unauthenticated remote attackers to bypass authentication and gain partial data access to the vulnerable Trellix IPS Manager with garbage data in response mostly
network
low complexity
trellix CWE-287
5.3
2024-06-13 CVE-2024-4176 Cross-site Scripting vulnerability in Trellix Xconsole
An Cross site scripting vulnerability in the EDR XConsole before this release allowed an attacker to potentially leverage an XSS/HTML-Injection using command line variables.
network
low complexity
trellix CWE-79
5.4
2024-02-13 CVE-2023-6072 Cross-site Scripting vulnerability in Trellix Central Management System
A cross-site scripting vulnerability in Trellix Central Management (CM) prior to 9.1.3.97129 allows a remote authenticated attacker to craft CM dashboard internal requests causing arbitrary content to be injected into the response when accessing the CM dashboard.
network
low complexity
trellix CWE-79
5.4
2024-01-10 CVE-2024-0310 Cross-site Scripting vulnerability in Trellix Endpoint Security web Control 10.7.0
A content-security-policy vulnerability in ENS Control browser extension prior to 10.7.0 Update 15 allows a remote attacker to alter the response header parameter setting to switch the content security policy into report-only mode, allowing an attacker to bypass the content-security-policy configuration.
network
low complexity
trellix CWE-79
6.1
2023-11-29 CVE-2023-6070 Server-Side Request Forgery (SSRF) vulnerability in Trellix Enterprise Security Manager
A server-side request forgery vulnerability in ESM prior to version 11.6.8 allows a low privileged authenticated user to upload arbitrary content, potentially altering configuration.
network
low complexity
trellix CWE-918
4.3
2023-04-03 CVE-2023-0977 Out-of-bounds Write vulnerability in Trellix Agent 5.7.7/5.7.8
A heap-based overflow vulnerability in Trellix Agent (Windows and Linux) version 5.7.8 and earlier, allows a remote user to alter the page heap in the macmnsvc process memory block resulting in the service becoming unavailable.
network
low complexity
trellix CWE-787
6.5
2023-03-13 CVE-2023-0978 Command Injection vulnerability in multiple products
A command injection vulnerability in Trellix Intelligent Sandbox CLI for version 5.2 and earlier, allows a local user to inject and execute arbitrary operating system commands using specially crafted strings.
local
low complexity
mcafee trellix CWE-77
6.7
2023-01-18 CVE-2023-0214 Cross-site Scripting vulnerability in Trellix Skyhigh Secure web Gateway
A cross-site scripting vulnerability in Skyhigh SWG in main releases 11.x prior to 11.2.6, 10.x prior to 10.2.17, and controlled release 12.x prior to 12.0.1 allows a remote attacker to craft SWG-specific internal requests with URL paths to any third-party website, causing arbitrary content to be injected into the response when accessed through SWG.
network
low complexity
trellix CWE-79
6.1
2022-12-16 CVE-2022-4326 Improper Preservation of Permissions vulnerability in Trellix Endpoint Security
Improper preservation of permissions vulnerability in Trellix Endpoint Agent (xAgent) prior to V35.31.22 on Windows allows a local user with administrator privileges to bypass the product protection to uninstall the agent via incorrectly applied permissions in the removal protection functionality.
local
low complexity
trellix CWE-281
6.0
2022-11-30 CVE-2022-3859 Uncontrolled Search Path Element vulnerability in Trellix Agent
An uncontrolled search path vulnerability exists in Trellix Agent (TA) for Windows in versions prior to 5.7.8.
local
low complexity
trellix CWE-427
6.7