Trellix ePolicy Orchestrator vulnerabilities
2 known vulnerabilities affecting trellix/trellix_epolicy_orchestrator.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 2
Vulnerabilities
CVE-2022-3339 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ unspecified, < 5.10 Update 14 | 2022-10-18
A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 Update 14 allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator's session by convincing the authenticated ePO administrator to click on a carefully crafted link. This would lead to limited access to sensitive information and limited ability
cvelistv5, nvd
CVE-2022-3338 | MEDIUM | CVSS 5.4 | CWE-611 | ≥ unspecified, < 5.10 Update 14 | 2022-10-18
An XML External Entity (XXE) vulnerability in ePO prior to 5.10 Update 14 can allow an unauthenticated remote attacker to potentially trigger a Server-Side Request Forgery attack. This can be exploited by mimicking the Agent Handler call to ePO and passing the carefully constructed XML file through the API.
cvelistv5, nvd