CVE-2022-3340
MEDIUM
Trellix IPS Manager < 10.1 Authenticated XXE via Configuration Import
Title source: llm
Description
An XML External Entity (XXE) vulnerability in Trellix IPS Manager prior to 10.1 M8 allows a remote authenticated administrator to perform an XXE attack through the part of the administrator interface that allows a saved XML configuration file to be imported.
References (1)
Core References
Patch, Vendor Advisory
https://kcm.trellix.com/corporate/index?page=content&id=SB10388
Scores
CVSS v3
5.9
EPSS
0.0054
EPSS Percentile
40.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-611
Status
published
Products (2)
trellix/intrusion_prevention_system_manager
10.1 (2 CPE variants)
trellix/intrusion_prevention_system_manager
< 10.1
Published
Nov 04, 2022
Tracked Since
Feb 18, 2026