A server-side request forgery vulnerability in ESM prior to version 11.6.8 allows a low-privileged authenticated user to upload arbitrary content, potentially altering configuration. This is possible through the certificate validation functionality, where the API accepts uploaded content and does not check it for invalid data.
References
| Link | Resource |
|---|---|
| https://kcm.trellix.com/corporate/index?page=content&id=SB10413 | Vendor Advisory |
Configurations
History
05 Dec 2023, 15:11
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | | cpe:2.3:a:trellix:enterprise_security_manager:*:*:*:*:*:*:*:* |
| CVSS | v2 : (none), v3 : (none) | v2 : unknown, v3 : 4.3 |
| First Time | | Trellix; Trellix Enterprise Security Manager |
| References | | https://kcm.trellix.com/corporate/index?page=content&id=SB10413 - Vendor Advisory |
29 Nov 2023, 09:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |
Information
Published : 2023-11-29 09:15
Updated : 2024-02-28 20:54
NVD link : CVE-2023-6070
Mitre link : CVE-2023-6070
CVE.ORG link : CVE-2023-6070
Products Affected
trellix
- enterprise_security_manager
CWE
CWE-918: Server-Side Request Forgery (SSRF)