First published: Fri Nov 04 2022
XML External Entity (XXE) vulnerability in Trellix IPS Manager prior to 10.1 M8 allows a remote authenticated administrator to perform an XXE attack in the part of the administrator interface that allows a saved XML configuration file to be imported.
Credit: trellixpsirt@trellix.com
Affected Software | Affected Version | How to fix |
---|---|---|
Trellix Intrusion Prevention System Manager | <10.1 | |
Trellix Intrusion Prevention System Manager | =10.1 | |
Trellix Intrusion Prevention System Manager | =10.1-minor8 | |
CVE-2022-3340 is an XML External Entity (XXE) vulnerability found in Trellix IPS Manager prior to 10.1 M8.
CVE-2022-3340 allows a remote authenticated administrator to perform an XXE attack in the administrator interface of Trellix IPS Manager, specifically in the part of the interface where a saved XML configuration file can be imported.
The severity of CVE-2022-3340 is high, with a CVSS score of 7.2.
To fix the XML External Entity (XXE) vulnerability in Trellix IPS Manager, it is recommended to update to version 10.1 M8 or later.
You can find more information about CVE-2022-3340 at the following link: [CVE-2022-3340](https://kcm.trellix.com/corporate/index?page=content&id=SB10388)