Trellix
Products by Trellix Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2024 there have been 1 vulnerability in Trellix with an average score of 7.8 out of ten. Last year Trellix had 12 security vulnerabilities published. Right now, Trellix is on track to have less security vulnerabilities in 2024 than it did last year. However, the average CVE base score of the vulnerabilities in 2024 is greater by 0.58.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 1 | 7.80 |
| 2023 | 12 | 7.23 |
| 2022 | 2 | 6.95 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Trellix vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Trellix Security Vulnerabilities
A buffer overflow vulnerability in TA for Linux and TA for MacOS prior to 5.8.1
CVE-2024-0213
7.8 - High
- January 09, 2024
A buffer overflow vulnerability in TA for Linux and TA for MacOS prior to 5.8.1 allows a local user to gain elevated permissions, or cause a Denial of Service (DoS), through exploiting a memory corruption issue in the TA service, which runs as root. This may also result in the disabling of event reporting to ePO, caused by failure to validate input from the file correctly.
Classic Buffer Overflow
An Improper Neutralization of Special Elements used in a command vulnerability in ESM prior to version 11.6.9
CVE-2023-6071
7.2 - High
- November 30, 2023
An Improper Neutralization of Special Elements used in a command vulnerability in ESM prior to version 11.6.9 allows a remote administrator to execute arbitrary code as root on the ESM. This is possible as the input isn't correctly sanitized when adding a new data source.
Command Injection
A server-side request forgery vulnerability in ESM prior to version 11.6.8
CVE-2023-6070
4.3 - Medium
- November 29, 2023
A server-side request forgery vulnerability in ESM prior to version 11.6.8 allows a low privileged authenticated user to upload arbitrary content, potentially altering configuration. This is possible through the certificate validation functionality where the API accepts uploaded content and doesn't parse for invalid data
XSPA
An improper limitation of a path name to a restricted directory (path traversal) vulnerability in the TACC ePO extension
CVE-2023-5607
7.2 - High
- November 27, 2023
An improper limitation of a path name to a restricted directory (path traversal) vulnerability in the TACC ePO extension, for on-premises ePO servers, prior to version 8.4.0 could lead to an authorised administrator attacker executing arbitrary code through uploading a specially crafted GTI reputation file. The attacker would need the appropriate privileges to access the relevant section of the User Interface. The import logic has been updated to restrict file types and content.
Directory traversal
An Improper Privilege Management vulnerability in Trellix GetSusp prior to version 5.0.0.27 allows a local, low privilege attacker to gain access to files
CVE-2023-6119
7.8 - High
- November 16, 2023
An Improper Privilege Management vulnerability in Trellix GetSusp prior to version 5.0.0.27 allows a local, low privilege attacker to gain access to files that usually require a higher privilege level. This is caused by GetSusp not correctly protecting a directory that it creates during execution, allowing an attacker to take over file handles used by GetSusp. As this runs with high privileges, the attacker gains elevated permissions. The file handles are opened as read-only.
Improper Privilege Management
A code injection vulnerability in Trellix ENS 10.7.0 April 2023 release and earlier
CVE-2023-3665
7.8 - High
- October 04, 2023
A code injection vulnerability in Trellix ENS 10.7.0 April 2023 release and earlier, allowed a local user to disable the ENS AMSI component via environment variables, leading to denial of service and or the execution of arbitrary code.
Code Injection
A Privilege escalation vulnerability exists in Trellix Windows DLP endpoint for windows
CVE-2023-4814
7.1 - High
- September 14, 2023
A Privilege escalation vulnerability exists in Trellix Windows DLP endpoint for windows which can be abused to delete any file/folder for which the user does not have permission to.
AuthZ
A vulnerability arises out of a failure to comprehensively sanitize the processing of a zip file(s)
CVE-2023-3314
8.8 - High
- July 03, 2023
A vulnerability arises out of a failure to comprehensively sanitize the processing of a zip file(s). Incomplete neutralization of external commands used to control the process execution of the .zip application allows an authorized user to obtain control of the .zip application to execute arbitrary commands or obtain elevation of system privileges.
Shell injection
An OS common injection vulnerability exists in the ESM certificate API, whereby incorrectly neutralized special elements may have
CVE-2023-3313
7.8 - High
- July 03, 2023
An OS common injection vulnerability exists in the ESM certificate API, whereby incorrectly neutralized special elements may have allowed an unauthorized user to execute system command injection for the purpose of privilege escalation or to execute arbitrary commands.
Shell injection
An unquoted Windows search path vulnerability existed in the install the MOVE 4.10.x and earlier Windows install service (mvagtsce.exe)
CVE-2023-3438
7.8 - High
- July 03, 2023
An unquoted Windows search path vulnerability existed in the install the MOVE 4.10.x and earlier Windows install service (mvagtsce.exe). The misconfiguration allowed an unauthorized local user to insert arbitrary code into the unquoted service path to obtain privilege escalation and stop antimalware services.
Unquoted Search Path or Element
A heap-based overflow vulnerability in TA prior to version 5.7.9
CVE-2023-1388
8.1 - High
- June 07, 2023
A heap-based overflow vulnerability in TA prior to version 5.7.9 allows a remote user to alter the page heap in the macmnsvc process memory block, resulting in the service becoming unavailable.
Memory Corruption
A command injection vulnerability in Trellix Intelligent Sandbox CLI for version 5.2 and earlier
CVE-2023-0978
6.7 - Medium
- March 13, 2023
A command injection vulnerability in Trellix Intelligent Sandbox CLI for version 5.2 and earlier, allows a local user to inject and execute arbitrary operating system commands using specially crafted strings. This vulnerability is due to insufficient validation of arguments that are passed to specific CLI command. The vulnerability allows the attack
Command Injection
A cross-site scripting vulnerability in Skyhigh SWG in main releases 11.x prior to 11.2.6, 10.x prior to 10.2.17, and controlled release 12.x prior to 12.0.1
CVE-2023-0214
6.1 - Medium
- January 18, 2023
A cross-site scripting vulnerability in Skyhigh SWG in main releases 11.x prior to 11.2.6, 10.x prior to 10.2.17, and controlled release 12.x prior to 12.0.1 allows a remote attacker to craft SWG-specific internal requests with URL paths to any third-party website, causing arbitrary content to be injected into the response when accessed through SWG.
XSS
An uncontrolled search path vulnerability exists in Trellix Agent (TA) for Windows in versions prior to 5.7.8
CVE-2022-3859
6.7 - Medium
- November 30, 2022
An uncontrolled search path vulnerability exists in Trellix Agent (TA) for Windows in versions prior to 5.7.8. This allows an attacker with admin access, which is required to place the DLL in the restricted Windows System folder, to elevate their privileges to System by placing a malicious DLL there.
DLL preloading
XML External Entity (XXE) vulnerability in Trellix IPS Manager prior to 10.1 M8
CVE-2022-3340
7.2 - High
- November 04, 2022
XML External Entity (XXE) vulnerability in Trellix IPS Manager prior to 10.1 M8 allows a remote authenticated administrator to perform XXE attack in the administrator interface part of the interface, which allows a saved XML configuration file to be imported.
XXE