Epolicy Orchestrator
Approved changes feed: RSS · Atom
cpe:2.3:a:trellix:epolicy_orchestrator:epo_5.10_service_pack_1_update_2:*:*:*:*:*:*:*
part: a version: epo_5.10_service_pack_1_update_2 update: *
| Vendor | Trellix (6a68a263-5f87-5bad-bbc0-1b650399118d) |
|---|---|
| Product | Epolicy Orchestrator (af04bd0b-3815-5292-a4c1-27f3e72c3af3) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-4844 |
vulnerable | 2026-06-03 14:57:16.299444 |
Details available
HIGH (7.5)
Hardcoded credentials vulnerability in Trellix ePolicy Orchestrator (ePO) on Premise prior to 5.10 Service Pack 1 Update 2 allows an attacker with admin privileges on the ePO server to read the contents of the orion.keystore file, allowing them to access the ePO database encryption key. This was possible through using a hard coded password for the keystore. Access Control restrictions on the file mean this would not be exploitable unless the user is the system admin for the server that ePO is running on.
Published: 2024-05-16T06:19:47.418Z
Updated: 2024-08-01T20:55:10.015Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.