A server-side request forgery vulnerability in ESM prior to version 11.6.8 allows a low privileged authenticated user to upload arbitrary content, potentially altering configuration. This is possible through the certificate validation functionality where the API accepts uploaded content and doesn't parse for invalid data
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: trellix
Published: 2023-11-29T08:53:57.903Z
Updated: 2024-08-02T08:21:17.150Z
Reserved: 2023-11-10T05:17:16.847Z
Link: CVE-2023-6070
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-11-29T09:15:21.877
Modified: 2023-12-05T15:11:13.197
Link: CVE-2023-6070
Redhat
No data.