CVE-2023-3314

A vulnerability arises out of a failure to comprehensively sanitize the processing of a zip file(s). Incomplete neutralization of external commands used to control the process execution of the .zip application allows an authorized user to obtain control of the .zip application to execute arbitrary commands or obtain elevation of system privileges.
Configurations

Configuration 1 (hide)

cpe:2.3:a:trellix:enterprise_security_manager:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:16

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 8.8
v2 : unknown
v3 : 8.1
References () https://kcm.trellix.com/corporate/index?page=content&id=SB10403 - Vendor Advisory () https://kcm.trellix.com/corporate/index?page=content&id=SB10403 - Vendor Advisory

11 Jul 2023, 16:09

Type Values Removed Values Added
CWE CWE-78
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
References (MISC) https://kcm.trellix.com/corporate/index?page=content&id=SB10403 - (MISC) https://kcm.trellix.com/corporate/index?page=content&id=SB10403 - Vendor Advisory
CPE cpe:2.3:a:trellix:enterprise_security_manager:*:*:*:*:*:*:*:*

03 Jul 2023, 13:02

Type Values Removed Values Added
New CVE

Information

Published : 2023-07-03 09:15

Updated : 2024-11-21 08:16


NVD link : CVE-2023-3314

Mitre link : CVE-2023-3314

CVE.ORG link : CVE-2023-3314


JSON object : View

Products Affected

trellix

  • enterprise_security_manager
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')