Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information. Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CSRF in ePO leading to privilege escalation
Vulnerability Description
A Cross Site Request Forgery vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2 allows a remote low privilege user to successfully add a new user with administrator privileges to the ePO server. This impacts the dashboard area of the user interface. To exploit this the attacker must change the HTTP payload post submission, prior to it reaching the ePO server.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
Cross-Site Request Forgery (CSRF)
Vulnerability Title
Trellix ePolicy Orchestrator Security Vulnerability
Vulnerability Description
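Trellix ePolicy Orchestrator is a centralized security management platform from Trellix. Versions of Trellix ePolicy Orchestrator prior to 5.10.0 CP1 Update 2 contain a security vulnerability that stems from a cross-site request forgery (CSRF) flaw. A low-privileged attacker can exploit this vulnerability to add a new user with administrator privileges to the ePO server.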
CVSS Information
N/A
Vulnerability Type
N/A