- Description: A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API. This leads to improper handling of path traversal, insecure forwarding to an AJP backend without adequate validation, and lack of authentication for accessing internal API endpoints.
- Source: trellixpsirt@trellix.com
- NVD status: Received
CVSS 3.1
- Type: Secondary
- Base score: 8.2
- Impact score: 4.2
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
- Severity: HIGH
- trellixpsirt@trellix.com: CWE-22
- Hype score: Not currently trending
CVE-2024-11481 (CVSS:8.2, HIGH) is Awaiting Analysis. A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API. This leads to improper han..https://t.co/GKaQYuC4EZ #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
4 Dec 2024
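Trellix Enterprise Security Manager 11.6.13 released. Fixes include CVE-2024-11481 (CVSS 8.2), a vulnerability that allows an unauthenticated attacker to access the Snowservice API, and CVE-2024-11482 (CVSS 9.8), a vulnerability that allows arbitrary commands to be executed with "root user privileges" via the Snowservice API, among others. https://t.co/Mb3m8jejja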
@t_nihonmatsu
2 Dec 2024
CVE-2024-11481 Unauthenticated Path Traversal Vulnerability in ESM 11.6.10 ESM ... https://t.co/ZQfQMuG35s Vulnerability Alert Subscriptions: https://t.co/hrQhy5uz4x
@VulmonFeeds
29 Nov 2024
CVE-2024-11481 A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API. This leads to improper handling of path traversal, insecure forwarding t… https://t.co/WJzsMZE6Dh
@CVEnew
29 Nov 2024