CVE-2023-0400

CVSS 5.9 · Medium EPSS 0.10% · P26 Updated Mar 26, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-0400

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

The protection bypass vulnerability in DLP for Windows 11.9.x is addressed in version 11.10.0. This allowed a local user to bypass DLP controls when uploading sensitive data from a mapped drive into a web email client. Loading from a local driver was correctly prevented. Versions prior to 11.9 correctly detected and blocked the attempted upload of sensitive data.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

控制流实现总是不正确

Source: NVD (National Vulnerability Database)

Vulnerability Title

Trellix Data Loss Prevention 代码问题漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Trellix Data Loss Prevention（Trellix DLP）是美国火眼（Trellix）公司的一种数据丢失预防解决方案。提供对所有端口、协议等的入站和出站网络流量的全面扫描。 Trellix Data Loss Prevention 11.9.x 系列版本存在安全漏洞，该漏洞源于允许本地用户在将敏感数据从映射驱动器上传到 Web email client时绕过 DLP 控制，阻止了从本地驱动程序加载。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Trellix	Data Loss Prevention (DLP)	11.9.100 ~ 11.9.x	-

II. Public POCs for CVE-2023-0400

#	POC Description	Source Link	Shenlong Link
1	trellix DLP Bypass	https://github.com/pinpinsec/CVE-2023-0400	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2023-0400

请登录查看更多情报信息。

IV. Related Vulnerabilities

Same product: Data Loss Prevention (DLP)

CVE-2022-1700
Forcepoint Data Loss Prevention 代码问题漏洞

Same vendor: Trellix

Same weakness: CWE-670

V. Comments for CVE-2023-0400

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2023-0400

I. Basic Information for CVE-2023-0400

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2023-0400

III. Intelligence Information for CVE-2023-0400

IV. Related Vulnerabilities

V. Comments for CVE-2023-0400

Leave a comment