Vulnerabilities
Vulnerable Software
An improper neutralization of special elements used in a command (command injection) vulnerability in ESM prior to version 11.6.9 allows a remote administrator to execute arbitrary code as root on the ESM. This is possible because input isn't correctly sanitized when adding a new data source.
CVSS Score: 8.4
EPSS Score: 0.006
Published: 2023-11-30
A server-side request forgery vulnerability in ESM prior to version 11.6.8 allows a low-privileged authenticated user to upload arbitrary content, potentially altering configuration. This is possible through the certificate validation functionality, where the API accepts uploaded content and doesn't parse for invalid data.
CVSS Score: 4.3
EPSS Score: 0.001
Published: 2023-11-29

