Enterprise security manager

This hub aggregates every CVE we track for Enterprise security manager, a product in the security products space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Enterprise security manager.

• CVE-2024-11482A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API and enables remote code execution through command injection, executed as the root user.9.8Nov 29, 2024
• CVE-2024-11481A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API. This leads to improper handling of path traversal, insecure forwarding to an AJP backend without adequa...8.2Nov 29, 2024
• CVE-2023-6071 An Improper Neutralization of Special Elements used in a command vulnerability in ESM prior to version 11.6.9 allows a remote administrator to execute arbitrary code as root on the ESM. This is po...8.4Nov 30, 2023
• CVE-2023-6070 A server-side request forgery vulnerability in ESM prior to version 11.6.8 allows a low privileged authenticated user to upload arbitrary content, potentially altering configuration. This is possi...4.3Nov 29, 2023
• CVE-2023-3314 A vulnerability arises out of a failure to comprehensively sanitize the processing of a zip file(s). Incomplete neutralization of external commands used to control the process execution of the .zi...8.1Jul 3, 2023
• CVE-2023-3313 An OS common injection vulnerability exists in the ESM certificate API, whereby incorrectly neutralized special elements may have allowed an unauthorized user to execute system command injection f...7.8Jul 3, 2023
• CVE-2019-3644MWG scanners updated to address CVE-2019-95177.5Sep 11, 2019
• CVE-2019-3643MWG scanners updated to address CVE-2019-95115.3Sep 11, 2019
• CVE-2019-3632Directory Traversal vulnerability could lead to elevated privileges8.8Jun 27, 2019
• CVE-2019-3631Command Injection could allow authenticated users to execute arbitrary code7.2Jun 27, 2019
• CVE-2019-3630Command Injection could allow authenticated users to execute arbitrary code7.2Jun 27, 2019
• CVE-2019-3629Application protections bypass vulnerability could allow unauthenticated user to impersonate system users6.5Jun 27, 2019
• CVE-2019-3628Privilege escalation could allow authenticated user to gain access to a core system8.8Jun 27, 2019
• CVE-2018-11784When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '...4.3Oct 4, 2018
• CVE-2015-7704The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.7.5Aug 7, 2017