A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API. This leads to improper handling of path traversal, insecure forwarding to an AJP backend without adequate validation, and lack of authentication for accessing internal API endpoints.
References
Link | Providers |
---|---|
https://thrive.trellix.com/s/article/000014058 |
History
Fri, 29 Nov 2024 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Trellix, Trellix enterprise Security Manager | |
CPEs | cpe:2.3:a:trellix:enterprise_security_manager:*:*:*:*:*:*:*:* | |
Vendors & Products | Trellix, Trellix enterprise Security Manager | |
Metrics | ssvc | |
Fri, 29 Nov 2024 07:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API. This leads to improper handling of path traversal, insecure forwarding to an AJP backend without adequate validation, and lack of authentication for accessing internal API endpoints. | |
Weaknesses | CWE-22 | |
References | | |
Metrics | cvssV3_1 | |
MITRE
Status: PUBLISHED
Assigner: trellix
Published: 2024-11-29T07:01:44.562Z
Updated: 2024-11-29T13:55:59.611Z
Reserved: 2024-11-20T05:15:58.706Z
Link: CVE-2024-11481
Vulnrichment
Updated: 2024-11-29T13:55:07.943Z
NVD
Status: Received
Published: 2024-11-29T08:15:04.270
Modified: 2024-11-29T08:15:04.270
Link: CVE-2024-11481
Redhat
No data.