CVE-2023-6070 - Server-Side Request Forgery (SSRF) vulnerability in Trellix Enterprise Security Manager 11.6.3/11.6.7

047910
CVSS 4.3 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: NONE
Integrity impact: LOW
Availability impact: NONE
Tags: network, low complexity, trellix, CWE-918

Summary

A server-side request forgery (SSRF) vulnerability in Trellix ESM prior to version 11.6.8 allows a low-privileged authenticated user to upload arbitrary content, potentially altering configuration. The weakness is in the certificate validation functionality: the API accepts the uploaded content without parsing it for invalid data, so an upload that is not a valid certificate is accepted and processed as if it were. The affected versions listed on this page are 11.6.3 and 11.6.7; the description's version bound covers all releases before 11.6.8.
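The page does not describe the ESM request format, so the following is an added illustration, not Trellix code, of the two checks a certificate-upload endpoint needs to avoid this weakness class (CWE-918 reached through unvalidated upload content): reject anything that is not a PEM-framed certificate before it is used, and, where the server contacts a remote endpoint on the user's behalf, constrain the scheme, the host and the address it resolves to. The allow-listed host names, the addresses, the stub resolver and the sample upload are all constructed assumptions for this example.

```python
import base64
import ipaddress
import socket
from urllib.parse import urlsplit

PEM_BEGIN = "-----BEGIN CERTIFICATE-----"
PEM_END = "-----END CERTIFICATE-----"

# Hypothetical allow-list of CA endpoints the server may contact on a
# user's behalf. An assumption for this example, not an ESM setting.
ALLOWED_SCHEMES = {"https"}
ALLOWED_HOSTS = {"ocsp.example-ca.test", "crl.example-ca.test"}


def parse_pem_certificate(content: bytes) -> bytes:
    """Accept only a single PEM-framed CERTIFICATE block and return its DER.

    Raises ValueError for anything else. This is a framing and encoding
    check plus a one-byte DER sanity check (a certificate is a SEQUENCE);
    a real service would hand the DER to an X.509 parser next.
    """
    text = content.decode("ascii")  # non-ASCII upload -> UnicodeDecodeError (a ValueError)
    lines = [line.strip() for line in text.strip().splitlines() if line.strip()]
    if len(lines) < 3 or lines[0] != PEM_BEGIN or lines[-1] != PEM_END:
        raise ValueError("upload is not a single PEM CERTIFICATE block")
    if PEM_BEGIN in lines[1:-1]:
        raise ValueError("multiple PEM blocks in one upload")
    try:
        der = base64.b64decode("".join(lines[1:-1]), validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("PEM body is not valid base64") from exc
    if not der or der[0] != 0x30:
        raise ValueError("PEM body does not start with a DER SEQUENCE")
    return der


def default_resolve(host: str) -> str:
    """Resolve a host name to one IP address via the system resolver."""
    return socket.getaddrinfo(host, None)[0][4][0]


def check_outbound_url(url: str, resolve=default_resolve) -> str:
    """SSRF guard for any URL the server fetches on a user's behalf.

    Returns the IP address to connect to, or raises ValueError. Rejects
    non-HTTPS schemes, userinfo in the URL, hosts off the allow-list and
    allow-listed names that resolve to loopback/private/link-local space.
    Callers should connect to the returned address (sending the host name
    as SNI/Host) so a second DNS answer cannot redirect the request.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise ValueError("userinfo in URL is not allowed")
    host = (parts.hostname or "").lower()
    if host not in ALLOWED_HOSTS:
        raise ValueError(f"host not on allow-list: {host!r}")
    ip = ipaddress.ip_address(resolve(host))
    if not ip.is_global:  # loopback, RFC 1918, link-local, multicast, reserved
        raise ValueError(f"{host} resolves to non-global address {ip}")
    return str(ip)


# Constructed stand-in for DNS so the example runs offline.
STUB_DNS = {
    "ocsp.example-ca.test": "93.184.216.34",  # constructed public address
    "crl.example-ca.test": "10.0.0.5",        # allow-listed name pointed at an internal host
}


def stub_resolve(host: str) -> str:
    if host not in STUB_DNS:
        raise ValueError(f"unresolvable host: {host!r}")
    return STUB_DNS[host]


def rejects(func, *args, **kwargs) -> bool:
    """True if func raises ValueError for these inputs."""
    try:
        func(*args, **kwargs)
    except ValueError:
        return True
    return False


# Constructed sample upload: a PEM wrapper around a tiny DER SEQUENCE,
# not a real certificate.
SAMPLE_DER = b"\x30\x03\x02\x01\x01"
SAMPLE_PEM = (PEM_BEGIN + "\n" + base64.b64encode(SAMPLE_DER).decode()
              + "\n" + PEM_END + "\n").encode()


if __name__ == "__main__":
    assert parse_pem_certificate(SAMPLE_PEM) == SAMPLE_DER
    assert rejects(parse_pem_certificate, b"<html>not a cert</html>")
    assert check_outbound_url("https://ocsp.example-ca.test/", resolve=stub_resolve) == "93.184.216.34"
    assert rejects(check_outbound_url, "http://ocsp.example-ca.test/", resolve=stub_resolve)
    assert rejects(check_outbound_url, "https://crl.example-ca.test/", resolve=stub_resolve)
    print("all checks passed")
```

The allow-list alone is not enough: the `crl.example-ca.test` case shows an allow-listed name that resolves into private space and is still refused, which is the check that defeats DNS-rebinding style bypasses when the caller also pins the connection to the returned address.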

Vulnerable Configurations

Part         Description   Count
Application  Trellix       2

Common Weakness Enumeration (CWE)