Download of Sensitive Files Possible Through Path Traversal in Trellix NX Products
CVE-2024-7608
5.9MEDIUM
Key Information
- Vendor
- Trellix
- Status
- Trellix Nx, Ex, Ax, Fx, Cms And Ivx
- Vendor
- CVE Published:
- 27 August 2024
Summary
An authenticated user can access the restricted files from NX, EX, FX, AX, IVX and CMS using path traversal.
Affected Version(s)
Trellix NX, EX, AX, FX, CMS and IVX = Trellix NX, EX, AX, FX, CMS 10.0.1 and older, for Trellix IVX 10.02. and older
CVSS V3.1
Score:
5.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged
Timeline
Risk change from: 6.4 to: 5.9 - (MEDIUM)
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database