A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API and enables remote code execution through command injection, executed as the root user.
History

Fri, 29 Nov 2024 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Hp
Hp enterprise Security Manager
CPEs cpe:2.3:a:hp:enterprise_security_manager:*:*:*:*:*:*:*:*
Vendors & Products Hp
Hp enterprise Security Manager
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 29 Nov 2024 07:45:00 +0000

Type Values Removed Values Added
Description A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API and enables remote code execution through command injection, executed as the root user.
Weaknesses CWE-78
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: trellix

Published: 2024-11-29T07:03:33.494Z

Updated: 2024-11-29T13:53:03.259Z

Reserved: 2024-11-20T05:16:00.690Z

Link: CVE-2024-11482

cve-icon Vulnrichment

Updated: 2024-11-29T13:52:56.639Z

cve-icon NVD

Status : Received

Published: 2024-11-29T08:15:04.437

Modified: 2024-11-29T08:15:04.437

Link: CVE-2024-11482

cve-icon Redhat

No data.