CVE-2022-3340

XML External Entity (XXE) vulnerability in Trellix IPS Manager prior to 10.1 M8 allows a remote authenticated administrator to perform XXE attack in the administrator interface part of the interface, which allows a saved XML configuration file to be imported.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.9 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
trellixCNA
5.9 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 30%
VendorProductVersion
trellixintrusion_prevention_system_manager
𝑥
< 10.1
trellixintrusion_prevention_system_manager
10.1
trellixintrusion_prevention_system_manager
10.1:minor8
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://kcm.trellix.com/corporate/index?page=content&id=SB10388
https://kcm.trellix.com/corporate/index?page=content&id=SB10388