Epolicy orchestrator

This hub aggregates every CVE we track for Epolicy orchestrator, a product in the security products space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Epolicy orchestrator.

• CVE-2024-4844Hardcoded credentials vulnerability in Trellix ePolicy Orchestrator (ePO) on Premise prior to 5.10 Service Pack 1 Update 2 allows an attacker with admin privileges on the ePO server to read the con...7.5May 16, 2024
• CVE-2024-4843ePO doesn't allow a regular privileged user to delete tasks or assignments. Insecure direct object references that allow a least privileged user to manipulate the client task and client task assign...4.3May 16, 2024
• CVE-2023-5445 An open redirect vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2, allows a remote low privileged user to modify the URL parameter for the purpose of redirecting URL request(s) t...5.4Nov 17, 2023
• CVE-2023-5444CSRF in ePO leading to privilege escalation8.0Nov 17, 2023
• CVE-2023-3946 A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 SP1 Update 1allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator's session by con...5.4Jul 26, 2023
• CVE-2022-3339Reflected XSS in Trellix ePO server5.4Oct 18, 2022
• CVE-2022-3338XXE in Trellix ePO server5.4Oct 18, 2022
• CVE-2022-0861ePO XML extended entity vulnerability3.5Mar 23, 2022
• CVE-2022-0862ePO password change vulnerability3.1Mar 23, 2022
• CVE-2022-0858Cross-site scripting vulnerability in ePO4.3Mar 23, 2022
• CVE-2022-0859ePO database restoration vulnerability6.5Mar 23, 2022
• CVE-2022-0857ePO Reflected Cross-site scripting vulnerability5.4Mar 23, 2022
• CVE-2022-0842ePO blind SQL Injection vulnerability5.4Mar 23, 2022
• CVE-2021-31834McAfee ePO Cross-Site Scripting vulnerability5.4Oct 22, 2021
• CVE-2021-31835McAfee ePO Cross-Site Scripting vulnerability4.8Oct 22, 2021