Arbitrary Content Injection Vulnerability in Trellix CM Dashboard
CVE-2023-6072

4.6MEDIUM

Key Information:

Vendor

Trellix

Status
Trellix Central Management (cm)
Vendor
CVE Published:
13 February 2024

What is CVE-2023-6072?

A cross-site scripting vulnerability in Trellix Central Management (CM) prior to 9.1.3.97129 allows a remote authenticated attacker to craft CM dashboard internal requests causing arbitrary content to be injected into the response when accessing the CM dashboard.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Trellix Central Management (CM) Prior to 9.1.3.97129

References

https://docs.trellix.com/bundle/cm_9-1-5_rn/page/UUID-fad...

CVSS V3.1

Score:
4.6
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Andrea Intilangelo
JSON
.