Description
An Improper Neutralization of Special Elements used in a command vulnerability in ESM prior to version 11.6.9 allows a remote administrator to execute arbitrary code as root on the ESM. This is possible as the input isn't correctly sanitized when adding a new data source.
References
- Vendor Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1: versions before 11.6.9 (exclusive)
cpe:2.3:a:trellix:enterprise_security_manager:*:*:*:*:*:*:*:*
EPSS: 0.00639 (Low), percentile: 70%
CVSS3: 8.4 High
CVSS3: 7.2 High
Weaknesses
CWE-77
CWE-77
Related vulnerabilities
CVSS3: 8.4
github
about 2 years ago
An Improper Neutralization of Special Elements used in a command vulnerability in ESM prior to version 11.6.9 allows a remote administrator to execute arbitrary code as root on the ESM. This is possible as the input isn't correctly sanitized when adding a new data source.