CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5957
https://notcve.org/view.php?id=CVE-2024-5957
This vulnerability allows unauthenticated remote attackers to bypass authentication and gain APIs access of the Manager. • https://thrive.trellix.com/s/article/000013870 • CWE-305: Authentication Bypass by Primary Weakness •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5956
https://notcve.org/view.php?id=CVE-2024-5956
This vulnerability allows unauthenticated remote attackers to bypass authentication and gain partial data access to the vulnerable Trellix IPS Manager with garbage data in response mostly • https://thrive.trellix.com/s/article/000013870 • CWE-305: Authentication Bypass by Primary Weakness •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2022-3340 – Trellix IPS Manager vulnerable to XXE
https://notcve.org/view.php?id=CVE-2022-3340
XML External Entity (XXE) vulnerability in Trellix IPS Manager prior to 10.1 M8 allows a remote authenticated administrator to perform XXE attack in the administrator interface part of the interface, which allows a saved XML configuration file to be imported. La vulnerabilidad de entidad externa XML (XXE) en Trellix IPS Manager anterior a 10.1 M8 permite que un administrador remoto autenticado realice un ataque XXE en la parte de la interfaz del administrador de la interfaz, lo que permite importar un archivo de configuración XML guardado. • https://kcm.trellix.com/corporate/index?page=content&id=SB10388 • CWE-611: Improper Restriction of XML External Entity Reference •