cbcvebase.

Trellix Intrusion Prevention System Manager vulnerabilities

5 known vulnerabilities affecting trellix/intrusion_prevention_system_manager.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2024-5671P2CRITICALCVSS 9.8vPrior to 11.1.x2024-06-14
CVE-2024-5671 [CRITICAL] CWE-502 CVE-2024-5671: Insecure Deserialization in some workflows of the IPS Manager allows unauthenticated remote attacker Insecure Deserialization in some workflows of the IPS Manager allows unauthenticated remote attackers to perform arbitrary code execution and access to the vulnerable Trellix IPS Manager.
nvd
CVE-2024-5957P3HIGHCVSS 7.5fixed in 11.1.7.97v11.1.7.972024-09-05
CVE-2024-5957 [HIGH] CWE-305 CVE-2024-5957: This vulnerability allows unauthenticated remote attackers to bypass authentication and gain APIs ac This vulnerability allows unauthenticated remote attackers to bypass authentication and gain APIs access of the Manager.
nvd
CVE-2022-3340P3HIGHCVSS 7.2fixed in 10.1v10.12022-11-04
CVE-2022-3340 [HIGH] CWE-611 CVE-2022-3340: XML External Entity (XXE) vulnerability in Trellix IPS Manager prior to 10.1 M8 allows a remote auth XML External Entity (XXE) vulnerability in Trellix IPS Manager prior to 10.1 M8 allows a remote authenticated administrator to perform XXE attack in the administrator interface part of the interface, which allows a saved XML configuration file to be imported.
nvd
CVE-2024-5956P3MEDIUMCVSS 5.3v11.1.7.972024-09-05
CVE-2024-5956 [MEDIUM] CWE-305 CVE-2024-5956: This vulnerability allows unauthenticated remote attackers to bypass authentication and gain partial This vulnerability allows unauthenticated remote attackers to bypass authentication and gain partial data access to the vulnerable Trellix IPS Manager with garbage data in response mostly
nvd
CVE-2024-5731P4MEDIUMCVSS 6.8vPrior to 11.1.x2024-06-14
CVE-2024-5731 [MEDIUM] CWE-311 CVE-2024-5731: A vulnerability in the IPS Manager, Central Manager, and Local Manager communication workflow allows A vulnerability in the IPS Manager, Central Manager, and Local Manager communication workflow allows an attacker to control the destination of a request by manipulating the parameter, thereby leveraging sensitive information.
nvd
Trellix Intrusion Prevention System Manager vulnerabilities | cvebase