Medium severity4.3NVD Advisory· Published Nov 29, 2023· Updated Jun 17, 2026
CVE-2023-6070
CVE-2023-6070
Description
A server-side request forgery vulnerability in ESM prior to version 11.6.8 allows a low privileged authenticated user to upload arbitrary content, potentially altering configuration. This is possible through the certificate validation functionality where the API accepts uploaded content and doesn't parse for invalid data
Affected products
2- Trellix/Trellix Enterprise Security Manager (ESM)v5Range: 11.6.8
Patches
Vulnerability mechanics
References
1- kcm.trellix.com/corporate/indexnvdVendor Advisory
News mentions
0No linked articles in our index yet.