CVE-2023-6070

A server-side request forgery vulnerability in ESM prior to version 11.6.8 allows a low privileged authenticated user to upload arbitrary content, potentially altering configuration. This is possible through the certificate validation functionality where the API accepts uploaded content and doesn't parse for invalid data
Configurations

Configuration 1 (hide)

cpe:2.3:a:trellix:enterprise_security_manager:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:43

Type Values Removed Values Added
References () https://kcm.trellix.com/corporate/index?page=content&id=SB10413 - Vendor Advisory () https://kcm.trellix.com/corporate/index?page=content&id=SB10413 - Vendor Advisory

05 Dec 2023, 15:11

Type Values Removed Values Added
CPE cpe:2.3:a:trellix:enterprise_security_manager:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.3
First Time Trellix
Trellix enterprise Security Manager
References () https://kcm.trellix.com/corporate/index?page=content&id=SB10413 - () https://kcm.trellix.com/corporate/index?page=content&id=SB10413 - Vendor Advisory

29 Nov 2023, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-11-29 09:15

Updated : 2024-11-21 08:43


NVD link : CVE-2023-6070

Mitre link : CVE-2023-6070

CVE.ORG link : CVE-2023-6070


JSON object : View

Products Affected

trellix

  • enterprise_security_manager
CWE
CWE-918

Server-Side Request Forgery (SSRF)