CVE-2023-6070
Published 2023-11-29
Priority P4 | 26 | medium | 4.3 | CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS: 0.24% (15.4th percentile)
A server-side request forgery vulnerability in ESM prior to version 11.6.8 allows a low privileged authenticated user to upload arbitrary content, potentially altering configuration. This is possible through the certificate validation functionality where the API accepts uploaded content and doesn't parse for invalid data.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| trellix | enterprise_security_manager | < 11.6.8 | 11.6.8 |
| trellix | trellix_enterprise_security_manager | — | — |
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.