The CVSS information originally published in SB10396 was incorrect and has now been updated. Please see the corrected details below or visit SB10396.
Two vulnerabilities in Trellix Agent have been discovered and resolved.
Affected software
The vulnerabilities affect the following versions of Trellix Agent:
- 5.7.8 and earlier
Remediated/updated versions
The vulnerabilities are remediated in this version:
- 5.7.9
Impact
- CVE-2023-0975 (CVSS: 8.2; Severity: High) CWE-281: Improper Preservation of Permissions.
- CVE-2023-0977 (CVSS: 6.7; Severity: Medium) CWE-120: Heap Based Buffer Overflow.
Recommendation
Verify that you have applied the latest updates. Impacted users should install the relevant updates or hotfixes. For full instructions and information, see Knowledge Base article SB10396, "Security Bulletin – Trellix Agent 5.7.9 March 21, 2023 release fixes two vulnerabilities (CVE-2022-0976)".
Also included in these releases
For a full list of changes, see the Release Notes.