A server-side request forgery vulnerability in ESM prior to version 11.6.8 allows a low-privileged authenticated user to upload arbitrary content, potentially altering configuration. This is possible through the certificate validation functionality, where the API accepts uploaded content and doesn't parse for invalid data.
                
References

| Link | Resource |
|---|---|
| https://kcm.trellix.com/corporate/index?page=content&id=SB10413 | Vendor Advisory | 
Information
Published : 2023-11-29 09:15
Updated : 2024-11-21 08:43
NVD link : CVE-2023-6070
Mitre link : CVE-2023-6070
CVE.ORG link : CVE-2023-6070
Products Affected
trellix
- enterprise_security_manager
CWE
CWE-918: Server-Side Request Forgery (SSRF)
