Lucene search

[email protected]CVE-2022-3340

HistoryNov 04, 2022 - 12:15 p.m.

CVE-2022-3340

2022-11-0412:15:15

CWE-611

[email protected]

web.nvd.nist.gov

cve

xxe vulnerability

trellix ips manager

security

nvd

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.6 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.3%

JSON

XML External Entity (XXE) vulnerability in Trellix IPS Manager prior to 10.1 M8 allows a remote authenticated administrator to perform XXE attack in the administrator interface part of the interface, which allows a saved XML configuration file to be imported.

Affected configurations

NVD

Node

trellixintrusion_prevention_system_managerRange<10.1

trellixintrusion_prevention_system_managerMatch10.1-

trellixintrusion_prevention_system_managerMatch10.1minor8

CPENameOperatorVersion
trellix:intrusion_prevention_system_managertrellix intrusion prevention system managerlt10.1

CPE	Name	Operator	Version
trellix:intrusion_prevention_system_manager	trellix intrusion prevention system manager	lt	10.1

CNA Affected

[
  {
    "vendor": "Trellix",
    "product": "Trellix IPS Manager",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "10.1 M10",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

kcm.trellix.com/corporate/index?page=content&id=SB10388

Social References

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.6 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.3%

JSON

Related for CVE-2022-3340

nvd1 cvelist1 prion1