Description
A server-side request forgery vulnerability in ESM prior to version 11.6.8 allows a low-privileged authenticated user to upload arbitrary content, potentially altering configuration. This is possible through the certificate validation functionality where the API accepts uploaded content and doesn't parse for invalid data.
References
- Vendor Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1: Version up to 11.6.8 (excluding)
cpe:2.3:a:trellix:enterprise_security_manager:*:*:*:*:*:*:*:*
EPSS: 0.00103 (Low)
Percentile: 29%
CVSS3: 4.3 Medium
Weaknesses
CWE-918
Related vulnerabilities
CVSS3: 4.3
github
about 2 years ago
A server-side request forgery vulnerability in ESM prior to version 11.6.8 allows a low-privileged authenticated user to upload arbitrary content, potentially altering configuration. This is possible through the certificate validation functionality where the API accepts uploaded content and doesn't parse for invalid data.