Vulnerabilities in Trellix

52 results
| CVE | Severity | Description | EPSS |
| --- | --- | --- | --- |
| CVE-2023-0221 | MEDIUM | Product security bypass vulnerability in ACC prior to version 8.3.4 allows a locally logged-in attacker with administrator privileges to byp | 0.2% |
| CVE-2024-0206 | HIGH | A symbolic link manipulation vulnerability in Trellix Anti-Malware Engine prior to the January 2024 release allows an authenticated local u | 0.2% |
| CVE-2024-0213 | HIGH | A buffer overflow vulnerability in TA for Linux and TA for MacOS prior to 5.8.1 allows a local user to gain elevated permissions, or cause | 0.2% |
| CVE-2025-0664 | MEDIUM | A locally authenticated, privileged user can craft a malicious OpenSSL configuration file, potentially leading the agent to load an arbitrar | 0.2% |
| CVE-2023-0975 | HIGH | A vulnerability exists in Trellix Agent for Windows version 5.7.8 and earlier, that allows local users, during install/upgrade workflow, to | 0.2% |
| CVE-2025-5967 | MEDIUM | A stored cross-site scripting vulnerability in ENS HX 10.0.4 allows a malicious user to inject arbitrary HTML into the ENS HX Malware Scan N | 0.2% |
| CVE-2025-3722 | NONE | A path traversal vulnerability in System Information Reporter (SIR) 1.0.3 and prior allowed an authenticated high privileged user to issue | 0.2% |
| CVE-2022-2188 | MEDIUM | DXL Broker privilege escalation vulnerability | 0.1% |
| CVE-2023-4814 | HIGH | A Privilege escalation vulnerability exists in Trellix Windows DLP endpoint for windows which can be abused to delete any file/folder for w | 0.1% |
| CVE-2025-3771 | HIGH | A path or symbolic link manipulation vulnerability in SIR 1.0.3 and prior versions allows an authenticated non-admin local user to overwrite | 0.1% |
| CVE-2025-3773 | NONE | A sensitive information exposure vulnerability in System Information Reporter (SIR) 1.0.3 and prior allows an authenticated non-admin local | 0.1% |
| CVE-2025-14963 | MEDIUM | A vulnerability identified in the HX Agent driver file fekern.sys allowed a threat actor with local user access the ability to gain elevated | 0.1% |