Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Trellix IPS Manager vulnerable to XXE
Vulnerability Description
XML External Entity (XXE) vulnerability in Trellix IPS Manager prior to 10.1 M8 allows a remote authenticated administrator to perform XXE attack in the administrator interface part of the interface, which allows a saved XML configuration file to be imported.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
Vulnerability Type
XML外部实体引用的不恰当限制(XXE)
Vulnerability Title
Trellix IPS Manager 代码问题漏洞
Vulnerability Description
Trellix IPS Manager是美国火眼(Trellix)公司的一个用于本地和虚拟网络的下一代 IPS。 Trellix IPS Manager 10.1 M8之前版本存在安全漏洞,该漏洞源于其可以通过远程认证的管理员在管理员界面部分进行外部实体攻击从而导入已保存的XML配置文件。
CVSS Information
N/A
Vulnerability Type
N/A