A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API. This leads to improper handling of path traversal, insecure forwarding to an AJP backend without adequate validation, and lack of authentication for accessing internal API endpoints.
History

Fri, 29 Nov 2024 14:15:00 +0000

Type                | Values Removed | Values Added
First Time appeared |                | Trellix; Trellix enterprise Security Manager
CPEs                |                | cpe:2.3:a:trellix:enterprise_security_manager:*:*:*:*:*:*:*:*
Vendors & Products  |                | Trellix; Trellix enterprise Security Manager
Metrics             |                | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 29 Nov 2024 07:45:00 +0000

Type        | Values Removed | Values Added
Description |                | A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API. This leads to improper handling of path traversal, insecure forwarding to an AJP backend without adequate validation, and lack of authentication for accessing internal API endpoints.
Weaknesses  |                | CWE-22
References  |                |
Metrics     |                | cvssV3_1: {'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N'}


MITRE

Status: PUBLISHED

Assigner: trellix

Published: 2024-11-29T07:01:44.562Z

Updated: 2024-11-29T13:55:59.611Z

Reserved: 2024-11-20T05:15:58.706Z

Link: CVE-2024-11481

Vulnrichment

Updated: 2024-11-29T13:55:07.943Z

NVD

Status: Received

Published: 2024-11-29T08:15:04.270

Modified: 2024-11-29T08:15:04.270

Link: CVE-2024-11481

Redhat

No data.