PT-2023-32110 · McAfee · ePolicy Orchestrator

Published 2023-11-17 · Updated 2023-11-29 · CVE-2023-5444

CVSS v3.1: 8.0 (High)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: ePolicy Orchestrator versions prior to 5.10.0 CP1 Update 2

Description: A Cross-Site Request Forgery (CSRF) issue allows a remote, low-privileged user to add a new user with administrator privileges to the ePO server; the affected functionality is in the dashboard area of the user interface. To exploit this, the attacker must modify the HTTP payload after it is submitted and before it reaches the ePO server.

Recommendations: For versions prior to 5.10.0 CP1 Update 2, update to version 5.10.0 CP1 Update 2 or later to resolve the issue. As a temporary workaround, consider restricting access to the dashboard area of the user interface to minimize the risk of exploitation.

Fix

Weakness Enumeration: CSRF

Related Identifiers: CVE-2023-5444

Affected Products: ePolicy Orchestrator