trellix 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
過去の問題は主に vendor risk memory corruption and vendor risk xxe などに関し、一部は アプリケーションクラッシュ を招き、vendor surface production workloads and vendor surface software deployment 関連の場面に影響します。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2025-14963 | A vulnerability identified in the HX Agent driver file fekern.sys allowed a threat actor with local user access the ability to gain elevated system privileges. Utilization of a Bring Your Own Vulnerable Driver (BYOVD) was leveraged to gain access to the critical Windows process memory lsass.exe (Local Security Authority Subsystem Service). The fekern.sys is a driver file associated with the HX Agent (used in all existing HX Agent versions). The vulnerable driver installed in a product or a syste | [email protected] | 6.2 | 0.03% | 2026-02-24 | 2026-02-26 |
| CVE-2025-3773 | A sensitive information exposure vulnerability in System Information Reporter (SIR) 1.0.3 and prior allows an authenticated non-admin local user to extract sensitive information stored in a registry backup folder. | [email protected] | 0.0 | 0.07% | 2025-06-26 | 2026-02-11 |
| CVE-2025-3771 | A path or symbolic link manipulation vulnerability in SIR 1.0.3 and prior versions allows an authenticated non-admin local user to overwrite system files with SIR backup files, which can potentially cause a system crash. This was achieved by adding a malicious entry to the registry under the Trellix SIR registry folder or via policy or with a junction symbolic link to files that the user would not normally have permission to acces | [email protected] | 7.2 | 0.07% | 2025-06-26 | 2026-02-11 |
| CVE-2025-3722 | A path traversal vulnerability in System Information Reporter (SIR) 1.0.3 and prior allowed an authenticated high privileged user to issue malicious ePO post requests to System Information Reporter, leading to creation of files anywhere on the filesystem and possibly overwriting existing files and exposing sensitive information disclosure. | [email protected] | 0.0 | 0.05% | 2025-06-26 | 2026-02-11 |
| CVE-2024-11482 | A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API and enables remote code execution through command injection, executed as the root user. | [email protected] | 9.8 | 4.70% | 2024-11-29 | 2025-10-28 |
| CVE-2024-11481 | A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API. This leads to improper handling of path traversal, insecure forwarding to an AJP backend without adequate validation, and lack of authentication for accessing internal API endpoints. | [email protected] | 8.2 | 0.41% | 2024-11-29 | 2025-10-28 |
| CVE-2024-5957 | This vulnerability allows unauthenticated remote attackers to bypass authentication and gain APIs access of the Manager. | [email protected] | 6.3 | 0.06% | 2024-09-05 | 2024-09-06 |
| CVE-2024-5956 | This vulnerability allows unauthenticated remote attackers to bypass authentication and gain partial data access to the vulnerable Trellix IPS Manager with garbage data in response mostly | [email protected] | 6.5 | 0.07% | 2024-09-05 | 2024-09-06 |
| CVE-2024-4176 | An Cross site scripting vulnerability in the EDR XConsole before this release allowed an attacker to potentially leverage an XSS/HTML-Injection using command line variables. A malicious threat actor could execute commands on the victim's browser for sending carefully crafted malicious links to the EDR XConsole end user. | [email protected] | 4.1 | 0.14% | 2024-06-13 | 2024-11-21 |
| CVE-2023-6072 | A cross-site scripting vulnerability in Trellix Central Management (CM) prior to 9.1.3.97129 allows a remote authenticated attacker to craft CM dashboard internal requests causing arbitrary content to be injected into the response when accessing the CM dashboard. | [email protected] | 4.6 | 0.09% | 2024-02-13 | 2024-11-21 |
| CVE-2024-0310 | A content-security-policy vulnerability in ENS Control browser extension prior to 10.7.0 Update 15 allows a remote attacker to alter the response header parameter setting to switch the content security policy into report-only mode, allowing an attacker to bypass the content-security-policy configuration. | [email protected] | 6.1 | 0.17% | 2024-01-10 | 2024-11-21 |
| CVE-2024-0213 | A buffer overflow vulnerability in TA for Linux and TA for MacOS prior to 5.8.1 allows a local user to gain elevated permissions, or cause a Denial of Service (DoS), through exploiting a memory corruption issue in the TA service, which runs as root. This may also result in the disabling of event reporting to ePO, caused by failure to validate input from the file correctly. | [email protected] | 8.2 | 0.09% | 2024-01-09 | 2024-11-21 |
| CVE-2024-0206 | A symbolic link manipulation vulnerability in Trellix Anti-Malware Engine prior to the January 2024 release allows an authenticated local user to potentially gain an escalation of privileges. This was achieved by adding an entry to the registry under the Trellix ENS registry folder with a symbolic link to files that the user wouldn't normally have permission to. After a scan, the Engine would follow the links and remove the files | [email protected] | 7.1 | 0.09% | 2024-01-09 | 2024-11-21 |
| CVE-2023-6071 | An Improper Neutralization of Special Elements used in a command vulnerability in ESM prior to version 11.6.9 allows a remote administrator to execute arbitrary code as root on the ESM. This is possible as the input isn't correctly sanitized when adding a new data source. | [email protected] | 8.4 | 0.64% | 2023-11-30 | 2024-11-21 |
| CVE-2023-6070 | A server-side request forgery vulnerability in ESM prior to version 11.6.8 allows a low privileged authenticated user to upload arbitrary content, potentially altering configuration. This is possible through the certificate validation functionality where the API accepts uploaded content and doesn't parse for invalid data | [email protected] | 4.3 | 0.05% | 2023-11-29 | 2024-11-21 |
| CVE-2023-5607 | An improper limitation of a path name to a restricted directory (path traversal) vulnerability in the TACC ePO extension, for on-premises ePO servers, prior to version 8.4.0 could lead to an authorised administrator attacker executing arbitrary code through uploading a specially crafted GTI reputation file. The attacker would need the appropriate privileges to access the relevant section of the User Interface. The import logic has been updated to restrict file types and content. | [email protected] | 8.4 | 0.52% | 2023-11-27 | 2024-11-21 |
| CVE-2023-6119 | An Improper Privilege Management vulnerability in Trellix GetSusp prior to version 5.0.0.27 allows a local, low privilege attacker to gain access to files that usually require a higher privilege level. This is caused by GetSusp not correctly protecting a directory that it creates during execution, allowing an attacker to take over file handles used by GetSusp. As this runs with high privileges, the attacker gains elevated permissions. The file handles are opened as read-only. | [email protected] | 6.5 | 0.03% | 2023-11-16 | 2024-11-21 |
| CVE-2023-3665 | A code injection vulnerability in Trellix ENS 10.7.0 April 2023 release and earlier, allowed a local user to disable the ENS AMSI component via environment variables, leading to denial of service and or the execution of arbitrary code. | [email protected] | 5.5 | 0.11% | 2023-10-04 | 2024-11-21 |
| CVE-2023-4814 | A Privilege escalation vulnerability exists in Trellix Windows DLP endpoint for windows which can be abused to delete any file/folder for which the user does not have permission to. | [email protected] | 7.1 | 0.05% | 2023-09-14 | 2024-11-21 |
| CVE-2023-3314 | A vulnerability arises out of a failure to comprehensively sanitize the processing of a zip file(s). Incomplete neutralization of external commands used to control the process execution of the .zip application allows an authorized user to obtain control of the .zip application to execute arbitrary commands or obtain elevation of system privileges. | [email protected] | 8.1 | 0.59% | 2023-07-03 | 2024-11-21 |