CVE-2022-3340 – Trellix IPS Manager vulnerable to XXE

https://notcve.org/view.php?id=CVE-2022-3340

04 Nov 2022 — XML External Entity (XXE) vulnerability in Trellix IPS Manager prior to 10.1 M8 allows a remote authenticated administrator to perform XXE attack in the administrator interface part of the interface, which allows a saved XML configuration file to be imported. La vulnerabilidad de entidad externa XML (XXE) en Trellix IPS Manager anterior a 10.1 M8 permite que un administrador remoto autenticado realice un ataque XXE en la parte de la interfaz del administrador de la interfaz, lo que permite importar un archi... • https://kcm.trellix.com/corporate/index?page=content&id=SB10388 • CWE-611: Improper Restriction of XML External Entity Reference •