CVE-2023-6070

A server-side request forgery vulnerability in ESM prior to version 11.6.8 allows a low privileged authenticated user to upload arbitrary content, potentially altering configuration. This is possible through the certificate validation functionality where the API accepts uploaded content and doesn't parse for invalid data

Published: Nov 29, 2023
Updated: Dec 6, 2023
CVE: CVE-2023-6070
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CWEs:

CWE-918

Affected Software
References

Software	From	Fixed in
trellix / enterprise_security_manager	-	11.6.8

https://kcm.trellix.com/corporate/index?page=content&id=SB10413

Vulnerability Database

289,697

CVE-2023-6070