Security Advisory

CVE-2022-3338

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-10-18 00:00:00

Last updated 2025-05-13 14:46:25

Assigner trellix

State PUBLISHED

Description

An External XML entity (XXE) vulnerability in ePO prior to 5.10 Update 14 can lead to an unauthenticated remote attacker to potentially trigger a Server Side Request Forgery attack. This can be exploited by mimicking the Agent Handler call to ePO and passing the carefully constructed XML file through the API.

← Browse all CVEs View on cve.org ↗