CVE-2022-2330

Summary

Improper Restriction of XML External Entity Reference vulnerability in DLP Endpoint for Windows prior to 11.9.100 allows a remote attacker to cause the DLP Agent to access a local service that the attacker wouldn't usually have access to via a carefully constructed XML file, which the DLP Agent doesn't parse correctly.

Affected Software

VendorProductVersion RangeStatus
TrellixDLP Endpoint for Windowsunspecified < 11.9.100affected

Weaknesses

  • CWE-611: CWE-611: Improper Restriction of XML External Entity Reference

ADP Enrichment

CVE Program Container

Additional References

References