fireeye 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
過去の問題は主に vendor risk cross-site scripting and vendor risk sql injection などに関し、一部は ファイル上書き を招き、vendor surface software deployment and vendor surface production workloads 関連の場面に影響します。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2024-0320 | Cross-Site Scripting in FireEye Malware Analysis (AX) affecting version 9.0.3.936530. This vulnerability allows an attacker to send a specially crafted JavaScript payload in the application URL to retrieve the session details of a legitimate user. | [email protected] | 5.4 | 0.08% | 2024-01-15 | 2024-11-21 |
| CVE-2024-0319 | Open Redirect vulnerability in FireEye HXTool affecting version 4.6, the exploitation of which could allow an attacker to redirect a legitimate user to a malicious page by changing the 'redirect_uri' parameter. | [email protected] | 5.4 | 0.06% | 2024-01-15 | 2024-11-21 |
| CVE-2024-0318 | Cross-Site Scripting in FireEye HXTool affecting version 4.6. This vulnerability allows an attacker to store a specially crafted JavaScript payload in the 'Profile Name' and 'Hostname/IP' parameters that will be triggered when items are loaded. | [email protected] | 5.4 | 0.08% | 2024-01-15 | 2024-11-21 |
| CVE-2024-0317 | Cross-Site Scripting in FireEye EX, affecting version 9.0.3.936727. Exploitation of this vulnerability allows an attacker to send a specially crafted JavaScript payload via the 'type' and 's_f_name' parameters to an authenticated user to retrieve their session details. | [email protected] | 5.4 | 0.11% | 2024-01-15 | 2024-11-21 |
| CVE-2024-0316 | Improper cleanup vulnerability in exceptions thrown in FireEye Endpoint Security, affecting version 5.2.0.958244. This vulnerability could allow an attacker to send multiple request packets to the containment_notify/preview parameter, which could lead to a service outage. | [email protected] | 6.8 | 0.05% | 2024-01-15 | 2024-11-21 |
| CVE-2024-0315 | Remote file inclusion vulnerability in FireEye Central Management affecting version 9.1.1.956704. This vulnerability allows an attacker to upload a malicious PDF file to the system during the report creation process. | [email protected] | 6.6 | 0.38% | 2024-01-15 | 2024-11-21 |
| CVE-2024-0314 | XSS vulnerability in FireEye Central Management affecting version 9.1.1.956704, which could allow an attacker to modify special HTML elements in the application and cause a reflected XSS, leading to a session hijacking. | [email protected] | 5.4 | 0.08% | 2024-01-15 | 2024-11-21 |
| CVE-2021-28970 | eMPS 9.0.1.923211 on the Central Management of FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the job_id parameter to the email search feature. According to the vendor, the issue is fixed in 9.0.3. | [email protected] | 6.5 | 0.20% | 2021-04-01 | 2024-11-21 |
| CVE-2021-28969 | eMPS 9.0.1.923211 on FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the sort_by parameter to the email search feature. According to the vendor, the issue is fixed in 9.0.3. NOTE: this is different from CVE-2020-25034 and affects newer versions of the software. | [email protected] | 6.5 | 0.18% | 2021-04-01 | 2024-11-21 |
| CVE-2020-25034 | eMPS prior to eMPS 9.0 FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the sort, sort_by, search{URL], or search[attachment] parameter to the email search feature. | [email protected] | 6.5 | 0.18% | 2020-10-26 | 2024-11-21 |