CVE-2022-3340

EPSS 0.18%
Published 04.11.2022 12:15:15
Last modified 21.11.2024 07:19:19
Source trellixpsirt@trellix.com
Teams watchlist Login
Open Login

XML External Entity (XXE) vulnerability in Trellix IPS Manager prior to 10.1 M8 allows a remote authenticated administrator to perform XXE attack in the administrator interface part of the interface, which allows a saved XML configuration file to be imported.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Trellix ≫ Intrusion Prevention System Manager Version < 10.1

Trellix ≫ Intrusion Prevention System Manager Version10.1 Update-

Trellix ≫ Intrusion Prevention System Manager Version10.1 Updateminor8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.18%	0.397

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
trellixpsirt@trellix.com	5.9	1.7	3.7	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

CWE-611 Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

https://kcm.trellix.com/corporate/index?page=content&id=SB10388

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-3340

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-3340

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-3340

EUVD