Vulnerabilities > Trellix > Enterprise Security Manager > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-30 | CVE-2023-6071 | Command Injection vulnerability in Trellix Enterprise Security Manager 11.6.3/11.6.7/11.6.8: An Improper Neutralization of Special Elements used in a command vulnerability in ESM prior to version 11.6.9 allows a remote administrator to execute arbitrary code as root on the ESM. | 7.2 |
2023-07-03 | CVE-2023-3314 | OS Command Injection vulnerability in Trellix Enterprise Security Manager 11.6.3: A vulnerability arises out of a failure to comprehensively sanitize the processing of zip file(s). | 8.8 |
2023-07-03 | CVE-2023-3313 | OS Command Injection vulnerability in Trellix Enterprise Security Manager 11.6.3: An OS command injection vulnerability exists in the ESM certificate API, whereby incorrectly neutralized special elements may have allowed an unauthorized user to perform system command injection for the purpose of privilege escalation or to execute arbitrary commands. | 7.8 |