Trellix Enterprise Security Manager
By the Year
In 2024 there have been 0 vulnerabilities in Trellix Enterprise Security Manager . Last year Enterprise Security Manager had 4 security vulnerabilities published. Right now, Enterprise Security Manager is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 4 | 7.03 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Enterprise Security Manager vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Trellix Enterprise Security Manager Security Vulnerabilities
An Improper Neutralization of Special Elements used in a command vulnerability in ESM prior to version 11.6.9
CVE-2023-6071
7.2 - High
- November 30, 2023
An Improper Neutralization of Special Elements used in a command vulnerability in ESM prior to version 11.6.9 allows a remote administrator to execute arbitrary code as root on the ESM. This is possible as the input isn't correctly sanitized when adding a new data source.
Command Injection
A server-side request forgery vulnerability in ESM prior to version 11.6.8
CVE-2023-6070
4.3 - Medium
- November 29, 2023
A server-side request forgery vulnerability in ESM prior to version 11.6.8 allows a low privileged authenticated user to upload arbitrary content, potentially altering configuration. This is possible through the certificate validation functionality where the API accepts uploaded content and doesn't parse for invalid data
XSPA
A vulnerability arises out of a failure to comprehensively sanitize the processing of a zip file(s)
CVE-2023-3314
8.8 - High
- July 03, 2023
A vulnerability arises out of a failure to comprehensively sanitize the processing of a zip file(s). Incomplete neutralization of external commands used to control the process execution of the .zip application allows an authorized user to obtain control of the .zip application to execute arbitrary commands or obtain elevation of system privileges.
Shell injection
An OS common injection vulnerability exists in the ESM certificate API, whereby incorrectly neutralized special elements may have
CVE-2023-3313
7.8 - High
- July 03, 2023
An OS common injection vulnerability exists in the ESM certificate API, whereby incorrectly neutralized special elements may have allowed an unauthorized user to execute system command injection for the purpose of privilege escalation or to execute arbitrary commands.
Shell injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Trellix Enterprise Security Manager or by Trellix? Click the Watch button to subscribe.
