7.2
CVE-2022-3340
- EPSS 0.18%
- Published 04.11.2022 12:15:15
- Last modified 21.11.2024 07:19:19
- Source trellixpsirt@trellix.com
XML External Entity (XXE) vulnerability in Trellix IPS Manager prior to 10.1 M8 allows a remote authenticated administrator to perform an XXE attack in the administrator interface part of the interface, which allows a saved XML configuration file to be imported.
Data provided by the National Vulnerability Database (NVD)
Trellix ≫ Intrusion Prevention System Manager Version < 10.1
Trellix ≫ Intrusion Prevention System Manager Version 10.1 Update -
Trellix ≫ Intrusion Prevention System Manager Version 10.1 Update minor8
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.18% | 0.397 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 7.2 | 1.2 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
trellixpsirt@trellix.com | 5.9 | 1.7 | 3.7 | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L |
CWE-611 Improper Restriction of XML External Entity Reference
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.