Vulnerability in ESM 11.6.10 Allows Unauthorized Access to Internal API Endpoints
CVE-2024-11481

8.2HIGH

Key Information:

Vendor: Trellix
Status: Trellix Enterprise Security Manager (esm)
Vendor: CVE Published:; 29 November 2024

Summary

A vulnerability exists in ESM version 11.6.10, permitting unauthorized access to the internal Snowservice API. This flaw stems from improper handling of path traversal, which can lead to insecure forwarding to an AJP backend without sufficient validation. Additionally, the vulnerability is characterized by a lack of authentication mechanisms for critical internal API endpoints, exposing systems to potential exploitation.

Affected Version(s)

Trellix Enterprise Security Manager (ESM) Windows 11.6.12

References

https://thrive.trellix.com/s/article/000014058

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 29, 2024
Vulnerability Reserved
Nov 20, 2024

Credit

Rafal Gill