Cross-Site Scripting Vulnerability in Trellix ePolicy Orchestrator
CVE-2024-5955

5.4 MEDIUM

Key Information:

Vendor
Trellix
Status
Epo Onprem Sp1 Update4
Vendor
CVE Published: 20 December 2024

Summary

CVE-2024-5955 is a cross-site scripting vulnerability in Trellix ePolicy Orchestrator prior to version 5.10 Service Pack 1 Update 3. It allows an authenticated remote attacker to craft requests that inject arbitrary content into the ePolicy Orchestrator response. Exploitation could lead to unauthorized actions being performed on behalf of users, compromising the security and integrity of the management environment. Users are advised to update to the latest version to mitigate the risk. For detailed information, refer to the official Trellix article.

Affected Version(s)

ePO Onprem Sp1 Update4 sp1 update3 and versions prior

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
