Описание
XML External Entity (XXE) vulnerability in Trellix IPS Manager prior to 10.1 M8 allows a remote authenticated administrator to perform XXE attack in the administrator interface part of the interface, which allows a saved XML configuration file to be imported.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 10.1 (исключая)
Одно из
cpe:2.3:a:trellix:intrusion_prevention_system_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:trellix:intrusion_prevention_system_manager:10.1:-:*:*:*:*:*:*
cpe:2.3:a:trellix:intrusion_prevention_system_manager:10.1:minor8:*:*:*:*:*:*
EPSS
Процентиль: 61%
0.00421
Низкий
5.9 Medium
CVSS3
7.2 High
CVSS3
Дефекты
CWE-611
CWE-611
Связанные уязвимости
CVSS3: 7.2
github
больше 3 лет назад
XML External Entity (XXE) vulnerability in Trellix IPS Manager prior to 10.1 M8 allows a remote authenticated administrator to perform XXE attack in the administrator interface part of the interface, which allows a saved XML configuration file to be imported.
EPSS
Процентиль: 61%
0.00421
Низкий
5.9 Medium
CVSS3
7.2 High
CVSS3
Дефекты
CWE-611
CWE-611