Vulnerability Monitor

CVE-2023-6070


A server-side request forgery vulnerability in ESM prior to version 11.6.8 allows a low-privileged authenticated user to upload arbitrary content, potentially altering configuration. This is possible through the certificate validation functionality, where the API accepts uploaded content and doesn't parse for invalid data.


Published

2023-11-29T09:15:21.877

Last Modified

2024-11-21T08:43:05.037

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

Weaknesses
  • Type: Primary
    CWE-918

Affected Vendors & Products
Type        | Vendor  | Product                     | Version/Range | Vulnerable?
Application | trellix | enterprise_security_manager | < 11.6.8      | Yes
