Lucene search
+L
TrellixEnterprise Security Manager

6 matches found

CVE
CVE
added 2023/07/03 7:53 a.m.2496 views

CVE-2023-3313

CVE-2023-3313 pertains to an OS command injection in the Trellix Enterprise Security Manager (ESM) certificate API, caused by insufficient neutralization of special elements. The vulnerability could let an unauthorized user with local access execute system commands, potentially escalating privile...

7.8CVSS8.1AI score0.00473EPSS
CVE
CVE
added 2024/11/29 7:3 a.m.112 views

CVE-2024-11482

CVE-2024-11482 affects Trellix Enterprise Security Manager (ESM) 11.6.10. Multiple sources confirm unauthenticated access to the internal Snowservice API, enabling remote code execution via command injection with root privileges. CVSSv3.1 data: Network attack vector, Low attack complexity, No pri...

9.8CVSS8.2AI score0.02544EPSS
CVE
CVE
added 2024/11/29 7:1 a.m.100 views

CVE-2024-11481

CVE-2024-11481 concerns Trellix Enterprise Security Manager (ESM) 11.6.10. The issue enables unauthenticated access to the internal Snowservice API, with improper path traversal handling and insecure forwarding to an AJP backend, lacking authentication for internal API endpoints. Documents indica...

8.2CVSS7.3AI score0.0043EPSS
CVE
CVE
added 2023/11/30 12:48 p.m.43 views

CVE-2023-6071

CVE-2023-6071 affects Trellix Enterprise Security Manager (ESM) prior to 11.6.9. The issue is an improper neutralization of special elements in a command when adding a new data source, enabling a remote administrator to execute arbitrary code as root. Documents confirm the vulnerability, its root...

8.4CVSS7.4AI score0.00851EPSS
CVE
CVE
added 2023/07/03 8:2 a.m.36 views

CVE-2023-3314

CVE-2023-3314 affects Trellix Enterprise Security Manager (and related entries) where a failure to fully sanitize zip file processing allows an authorized user to control the .zip application, enabling arbitrary command execution or privilege escalation. Public sources cite vulnerable versions (e...

8.8CVSS9AI score0.00942EPSS
CVE
CVE
added 2023/11/29 8:53 a.m.35 views

CVE-2023-6070

The connected sources provide concrete details for CVE-2023-6070: an SSRF vulnerability in Trellix ESM (Enterprise Security Manager) versions prior to 11.6.8. A low-privileged authenticated user can upload arbitrary content through the certificate validation functionality, potentially altering co...

4.3CVSS4.7AI score0.00243EPSS