Arbitrary Content Injection Vulnerability in Trellix CM Dashboard
CVE-2023-6072

4.6MEDIUM

Key Information:

Vendor: Trellix
Status: Trellix Central Management (cm)
Vendor: CVE Published:; 13 February 2024

Summary

A cross-site scripting vulnerability in Trellix Central Management (CM) prior to 9.1.3.97129 allows a remote authenticated attacker to craft CM dashboard internal requests causing arbitrary content to be injected into the response when accessing the CM dashboard.

Affected Version(s)

Trellix Central Management (CM) Prior to 9.1.3.97129

References

https://docs.trellix.com/bundle/cm_9-1-5_rn/page/UUID-fad...

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 13, 2024
Vulnerability Reserved
Nov 10, 2023

Credit

Andrea Intilangelo