CVE-2023-3946

Name of the Vulnerable Software and Affected Versions ePO versions prior to 5.10 SP1 Update 1

Description A reflected cross-site scripting (XSS) vulnerability allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator's session by convincing the authenticated ePO administrator to click on a carefully crafted link. This would lead to limited access to sensitive information and limited ability to alter some information in ePO.

Recommendations For versions prior to 5.10 SP1 Update 1, update to version 5.10 SP1 Update 1 or later to resolve the issue. As a temporary workaround, consider restricting access to links from untrusted sources to minimize the risk of exploitation.