Search Results
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:trellix:enterprise_security_manager:11.6.7:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-6071 | An Improper Neutralization of Special Elements used in a command vulnerability in ESM prior to version 11.6.9 allows a remote administrator to execute arbitrary code as root on the ESM. This is possible as the input isn't correctly sanitized when adding a new data source. Published: November 30, 2023; 8:15:10 AM -0500 | V4.0: (not available) V3.1: 7.2 HIGH V2.0: (not available) |
CVE-2023-6070 | A server-side request forgery vulnerability in ESM prior to version 11.6.8 allows a low privileged authenticated user to upload arbitrary content, potentially altering configuration. This is possible through the certificate validation functionality where the API accepts uploaded content and doesn't parse for invalid data. Published: November 29, 2023; 4:15:21 AM -0500 | V4.0: (not available) V3.1: 4.3 MEDIUM V2.0: (not available) |