CVE-2024-11481 HIGH

Vendor: Trellix
Product: Trellix Enterprise Security Manager (ESM)
Weakness: CWE-22 · Path traversal
Published: November 29, 2024
Last update: November 29, 2024

CVSS base score

8.2/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: Low
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

What the vulnerability does

01 Description

A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API. This leads to improper handling of path traversal, insecure forwarding to an AJP backend without adequate validation, and lack of authentication for accessing internal API endpoints.

Key dates

02 Disclosure timeline

November 29, 2024: CVE published
November 29, 2024: Record updated