CVE-2023-6070 - Server-Side Request Forgery (SSRF) vulnerability in Trellix Enterprise Security Manager 11.6.3/11.6.7
Metric | Value |
---|---|
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | LOW |
Confidentiality impact | NONE |
Integrity impact | LOW |
Availability impact | NONE |

Summary
A server-side request forgery vulnerability in ESM prior to version 11.6.8 allows a low-privileged authenticated user to upload arbitrary content, potentially altering configuration. This is possible through the certificate validation functionality, where the API accepts uploaded content and doesn't parse for invalid data.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |