CVE-2023-6070

A server-side request forgery vulnerability in ESM prior to version 11.6.8 allows a low-privileged authenticated user to upload arbitrary content, potentially altering configuration. This is possible through the certificate validation functionality, where the API accepts uploaded content and does not parse it for invalid data.
References
Configurations

Configuration 1

cpe:2.3:a:trellix:enterprise_security_manager:*:*:*:*:*:*:*:*

History

05 Dec 2023, 15:11

Type         Values Removed                  Values Added
CPE          -                               cpe:2.3:a:trellix:enterprise_security_manager:*:*:*:*:*:*:*:*
CVSS         v2 : unknown                    v2 : unknown
             v3 : unknown                    v3 : 4.3
First Time   -                               Trellix
                                             Trellix enterprise Security Manager
References   https://kcm.trellix.com/corporate/index?page=content&id=SB10413 - (no tag)
                                             https://kcm.trellix.com/corporate/index?page=content&id=SB10413 - Vendor Advisory

29 Nov 2023, 09:15

Type         Values Removed                  Values Added
New CVE      -                               -

Information

Published : 2023-11-29 09:15

Updated : 2024-02-28 20:54


NVD link : CVE-2023-6070

Mitre link : CVE-2023-6070

CVE.ORG link : CVE-2023-6070


Products Affected

trellix

  • enterprise_security_manager
CWE
CWE-918

Server-Side Request Forgery (SSRF)