Vulnerabilities > Trellix > Enterprise Security Manager

DATE CVE VULNERABILITY TITLE RISK
2023-11-30 CVE-2023-6071 Command Injection vulnerability in Trellix Enterprise Security Manager 11.6.3/11.6.7/11.6.8
An Improper Neutralization of Special Elements used in a command vulnerability in ESM prior to version 11.6.9 allows a remote administrator to execute arbitrary code as root on the ESM.
network
low complexity
trellix CWE-77
7.2
2023-11-29 CVE-2023-6070 Unspecified vulnerability in Trellix Enterprise Security Manager 11.6.3/11.6.7
A server-side request forgery vulnerability in ESM prior to version 11.6.8 allows a low privileged authenticated user to upload arbitrary content, potentially altering configuration.
network
low complexity
trellix
4.3
2023-07-03 CVE-2023-3314 OS Command Injection vulnerability in Trellix Enterprise Security Manager 11.6.3
A vulnerability arises out of a failure to comprehensively sanitize the processing of a zip file(s).
network
low complexity
trellix CWE-78
8.8
2023-07-03 CVE-2023-3313 OS Command Injection vulnerability in Trellix Enterprise Security Manager 11.6.3
An OS common injection vulnerability exists in the ESM certificate API, whereby incorrectly neutralized special elements may have allowed an unauthorized user to execute system command injection for the purpose of privilege escalation or to execute arbitrary commands.
local
low complexity
trellix CWE-78
7.8