Trellix Intrusion Prevention System Manager vulnerabilities
5 known vulnerabilities affecting trellix/intrusion_prevention_system_manager.
Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2024-5671P2CRITICALCVSS 9.8vPrior to 11.1.x2024-06-14
CVE-2024-5671 [CRITICAL] CWE-502 CVE-2024-5671: Insecure Deserialization in some workflows of the IPS Manager allows unauthenticated remote attacker
Insecure Deserialization in some workflows of the IPS Manager allows unauthenticated remote attackers to perform arbitrary code execution and access to the vulnerable Trellix IPS Manager.
nvd
CVE-2024-5957P3HIGHCVSS 7.5fixed in 11.1.7.97v11.1.7.972024-09-05
CVE-2024-5957 [HIGH] CWE-305 CVE-2024-5957: This vulnerability allows unauthenticated remote attackers to bypass authentication and gain APIs ac
This vulnerability allows unauthenticated remote attackers to bypass authentication and gain APIs access of the Manager.
nvd
CVE-2022-3340P3HIGHCVSS 7.2fixed in 10.1v10.12022-11-04
CVE-2022-3340 [HIGH] CWE-611 CVE-2022-3340: XML External Entity (XXE) vulnerability in Trellix IPS Manager prior to 10.1 M8 allows a remote auth
XML External Entity (XXE) vulnerability in Trellix IPS Manager prior to 10.1 M8 allows a remote authenticated administrator to perform XXE attack in the administrator interface part of the interface, which allows a saved XML configuration file to be imported.
nvd
CVE-2024-5956P3MEDIUMCVSS 5.3v11.1.7.972024-09-05
CVE-2024-5956 [MEDIUM] CWE-305 CVE-2024-5956: This vulnerability allows unauthenticated remote attackers to bypass authentication and gain partial
This vulnerability allows unauthenticated remote attackers to bypass authentication and gain partial data access to the vulnerable Trellix IPS Manager with garbage data in response mostly
nvd
CVE-2024-5731P4MEDIUMCVSS 6.8vPrior to 11.1.x2024-06-14
CVE-2024-5731 [MEDIUM] CWE-311 CVE-2024-5731: A vulnerability in the IPS Manager, Central Manager, and Local Manager communication workflow allows
A vulnerability in the IPS Manager, Central Manager, and Local Manager communication workflow allows an attacker to control the destination of a request by manipulating the parameter, thereby leveraging sensitive information.
nvd