CVE-2023-6070
CVSS V2 None
CVSS V3 None
Description
A server-side request forgery vulnerability in ESM prior to version 11.6.8 allows a low privileged authenticated user to upload arbitrary content, potentially altering configuration. This is possible through the certificate validation functionality where the API accepts uploaded content and doesn't parse for invalid data
Overview
- CVE ID
- CVE-2023-6070
- Assigner
- trellix
- Vulnerability Status
- PUBLISHED
- Published Version
- 2023-11-29T08:53:57.903Z
- Last Modified Date
- 2023-11-29T08:53:57.903Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://kcm.trellix.com/corporate/index?page=content&id=SB10413 |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-6070 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6070 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-25 06:53:32 | Added to TrackCVE |