CVE Vulnerability

CVE-2022-3340

XML External Entity (XXE) vulnerability in Trellix IPS Manager prior to 10.1 M8 allows a remote authenticated administrator to perform XXE attack in the administrator interface part of the interface, which allows a saved XML configuration file to be imported.

7.2 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://kcm.trellix.com/corporate/index?page=content&id=SB10388 Patch Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:trellix:intrusion_prevention_system_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:trellix:intrusion_prevention_system_manager:10.1:-:*:*:*:*:*:*
cpe:2.3:a:trellix:intrusion_prevention_system_manager:10.1:minor8:*:*:*:*:*:*
Information

Published : 2022-11-04 12:15

Updated : 2022-11-08 04:14

NVD link : CVE-2022-3340

Mitre link : CVE-2022-3340

Products Affected

Intrusion Prevention System Manager

Trellix

CWE
CWE-611

Improper Restriction of XML External Entity Reference