Trellix Epolicy Orchestrator (Epo)
Approved changes feed: RSS · Atom
cpe:2.3:a:trellix:trellix_epolicy_orchestrator_(epo):*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Trellix (6a68a263-5f87-5bad-bbc0-1b650399118d) |
|---|---|
| Product | Trellix Epolicy Orchestrator (Epo) (3e00bd3d-aa09-58f6-8ba2-317f5a09705b) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2022-3339 |
vulnerable | 2026-06-03 14:47:52.930915 |
Reflected XSS in Trellix ePO server
MEDIUM (5.4)
A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 Update 14 allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator's session by convincing the authenticated ePO administrator to click on a carefully crafted link. This would lead to limited access to sensitive information and limited ability to alter some information in ePO.
Published: 2022-10-18T00:00:00.000Z
Updated: 2025-05-08T17:24:54.809Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-3338 |
vulnerable | 2026-06-03 14:47:52.921351 |
XXE in Trellix ePO server
MEDIUM (5.4)
An External XML entity (XXE) vulnerability in ePO prior to 5.10 Update 14 can lead to an unauthenticated remote attacker to potentially trigger a Server Side Request Forgery attack. This can be exploited by mimicking the Agent Handler call to ePO and passing the carefully constructed XML file through the API.
Published: 2022-10-18T00:00:00.000Z
Updated: 2025-05-13T14:46:25.750Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.