A server-side request forgery vulnerability in ESM prior to version 11.6.8 allows a low-privileged authenticated user to upload arbitrary content, potentially altering configuration. This is possible through the certificate validation functionality, where the API accepts uploaded content and doesn't parse for invalid data.
References
| Link | Resource |
|---|---|
| https://kcm.trellix.com/corporate/index?page=content&id=SB10413 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: trellix
Published: 2023-11-29T08:53:57.903Z
Updated: 2023-11-29T08:53:57.903Z
Reserved: 2023-11-10T05:17:16.847Z
Link: CVE-2023-6070
NVD Information
Status: Analyzed
Published: 2023-11-29T09:15:21.877
Modified: 2023-12-05T15:11:13.197
Link: CVE-2023-6070
Redhat Information
No data.
CWE