A server-side request forgery vulnerability in ESM prior to version 11.6.8 allows a low privileged authenticated user to upload arbitrary content, potentially altering configuration. This is possible through the certificate validation functionality where the API accepts uploaded content and doesn't parse for invalid data.

The version of Trellix Enterprise Security Manager running on the remote web server is prior to 11.6.8. It is, therefore, affected by a server-side request forgery (SSRF) vulnerability. Due to a flaw in the certificate validation functionality, a remote, authenticated attacker can upload arbitrary content, potentially altering configuration.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Detections

Analytics

CVE-2023-6670

medium

Tenable Plugins

medium