Trellix Enterprise Security Manager — known CVE vulnerabilities
Every CVE whose affected-product data names Trellix Enterprise Security Manager, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2024-11482 — CVSS 9.8 (critical): A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API and enables remote code execution through…
CVE-2023-6071 — CVSS 8.4 (high): An Improper Neutralization of Special Elements used in a command vulnerability in ESM prior to version 11.6.9 allows a remote administrator…
CVE-2024-11481 — CVSS 8.2 (high): A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API. This leads to improper handling of path…
CVE-2023-3314 — CVSS 8.1 (high): A vulnerability arises out of a failure to comprehensively sanitize the processing of a zip file(s). Incomplete neutralization of external…
CVE-2023-3313 — CVSS 7.8 (high): An OS common injection vulnerability exists in the ESM certificate API, whereby incorrectly neutralized special elements may have allowed…
CVE-2023-6070 — CVSS 4.3 (medium): A server-side request forgery vulnerability in ESM prior to version 11.6.8 allows a low privileged authenticated user to upload arbitrary…