Reflected XSS in Trellix ePO server
CVE-2022-3339

5.4MEDIUM

Key Information:

Vendor: Trellix
Status: Trellix Epolicy Orchestrator (epo)
Vendor: CVE Published:; 18 October 2022

What is CVE-2022-3339?

A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 Update 14 allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator's session by convincing the authenticated ePO administrator to click on a carefully crafted link. This would lead to limited access to sensitive information and limited ability to alter some information in ePO.

Affected Version(s)

Trellix ePolicy Orchestrator (ePO) < 5.10 Update 14

References

https://kcm.trellix.com/corporate/index?page=content&id=S...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 18, 2022
Vulnerability Reserved
Sep 27, 2022