CVE-2024-11481

enterprise_security_manager vulnerability - trellix

High CVSS Score: 8.2 Published: 2024-11-29

Description

A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API. This leads to improper handling of path traversal, insecure forwarding to an AJP backend without adequate validation, and lack of authentication for accessing internal API endpoints.

Affected Systems

Vendor	trellix
Product	enterprise_security_manager
Affected Versions	11.6.10
CWE ID	CWE-22

Mitigation

Apply the latest security patches from the vendor, restrict network exposure where applicable, and monitor for exploitation attempts.

Fix Instructions

Refer to the vendor advisory and apply the latest security updates. See references for detailed patching instructions.

References

https://thrive.trellix.com/s/article/000014058...

Risk Assessment

CVSS: 8.2/10

Exploit Available	Unknown
Patch Available	Unknown

Need Help Patching?

Our security team can help assess and remediate this vulnerability in your environment.

Get Help

Related Vulnerabilities

critical

CVE-2024-11482

enterprise_security_manager...

Stay Ahead of Threats

Subscribe to our vulnerability feed and get instant alerts when new CVEs affect your systems.

Start Monitoring