CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
32.4%
A vulnerability arises out of a failure to comprehensively sanitize the processing of a zip file(s). Incomplete neutralization of external commands used to control the process execution of the .zip application allows an authorized user to obtain control of the .zip application to execute arbitrary commands or obtain elevation of system privileges.
Vendor | Product | Version | CPE |
---|---|---|---|
trellix | enterprise_security_manager | * | cpe:2.3:a:trellix:enterprise_security_manager:*:*:*:*:*:*:*:* |
[
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Enterprise Security Manager",
"vendor": "Trellix",
"versions": [
{
"status": "affected",
"version": "11.6.3"
}
]
}
]