Vulnerabilities > Trellix > Enterprise Security Manager
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-30 | CVE-2023-6071 | Command Injection vulnerability in Trellix Enterprise Security Manager 11.6.8: An Improper Neutralization of Special Elements used in a Command vulnerability in ESM prior to version 11.6.9 allows a remote administrator to execute arbitrary code as root on the ESM. | 7.2 |
2023-11-29 | CVE-2023-6070 | Server-Side Request Forgery (SSRF) vulnerability in Trellix Enterprise Security Manager: A server-side request forgery vulnerability in ESM prior to version 11.6.8 allows a low privileged authenticated user to upload arbitrary content, potentially altering configuration. | 4.3 |
2023-07-03 | CVE-2023-3314 | OS Command Injection vulnerability in Trellix Enterprise Security Manager: A vulnerability arises out of a failure to comprehensively sanitize the processing of zip file(s). | 8.8 |
2023-07-03 | CVE-2023-3313 | OS Command Injection vulnerability in Trellix Enterprise Security Manager: An OS command injection vulnerability exists in the ESM certificate API, whereby incorrectly neutralized special elements may have allowed an unauthorized user to inject system commands for the purpose of privilege escalation or to execute arbitrary commands. | 7.8 |