CVE-2022-3340

Published: Nov 4, 2022Modified: Nov 21, 2024

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

XML External Entity (XXE) vulnerability in Trellix IPS Manager prior to 10.1 M8 allows a remote authenticated administrator to perform XXE attack in the administrator interface part of the interface, which allows a saved XML configuration file to be imported.

Affected (3)

Products: Trellix: Intrusion Prevention System Manager

Trellix

1 product

Intrusion Prevention System Manager

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Trellix Intrusion Prevention System Manager	Before 10.1
Trellix Intrusion Prevention System Manager	Version 10.1
Trellix Intrusion Prevention System Manager	Version 10.1 minor8

Related CWEs

CWE-611

Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (2)

https://kcm.trellix.com/corporate/index?page=content&id=SB10388

Source: trellixpsirt@trellix.com

PatchVendor Advisory

https://kcm.trellix.com/corporate/index?page=content&id=SB10388

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.