Corero · Corero SecureWatch Managed Services · CVE-2021-38136
Name of the Vulnerable Software and Affected Versions:
Corero SecureWatch Managed Services version 9.7.2.0020
Description:
The issue allows a low-privileged attacker to read any file on the target host via a path traversal vulnerability. It is reachable through the `snap_file` parameter of the "/it-IT/splunkd/__raw/services/get_snapshot" HTTP API endpoint.
Recommendations:
For Corero SecureWatch Managed Services version 9.7.2.0020, consider restricting access to the "/it-IT/splunkd/__raw/services/get_snapshot" HTTP API endpoint to minimize the risk of exploitation. Additionally, avoid using the `snap_file` parameter of this endpoint until the issue is resolved. At the time of writing there is no information about a newer version that contains a fix for this vulnerability.
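As an added illustration of the server-side fix such an endpoint needs (example code written here, not Corero's or Splunk's own): confine the supplied snapshot-file name to a fixed directory before anything is opened, rejecting traversal in plain, URL-encoded, double-encoded and absolute-path forms. `SNAPSHOT_DIR`, the sample values and the function names are assumptions for illustration.

```python
import os
from urllib.parse import unquote

# Constructed for this example: the directory snapshot files are assumed to live in.
SNAPSHOT_DIR = "/var/snapshots"

class TraversalError(ValueError):
    """Raised when snap_file would resolve outside the snapshot directory."""

def resolve_snap_file(snapshot_dir, snap_file):
    """Return the absolute path of snap_file under snapshot_dir, or raise.
    Decoding is repeated until stable (so "..%252F" cannot slip past a single
    decode); empty, NUL and absolute values are rejected; the joined path is
    canonicalised with realpath and must stay strictly below the base."""
    decoded = snap_file
    for _ in range(3):  # bounded loop: stop as soon as decoding changes nothing
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    if not decoded or "\x00" in decoded or os.path.isabs(decoded):
        raise TraversalError("rejected snap_file: %r" % snap_file)
    base = os.path.realpath(snapshot_dir)
    candidate = os.path.realpath(os.path.join(base, decoded))
    # The os.sep suffix stops "/var/snapshots-evil" from matching "/var/snapshots".
    if not candidate.startswith(base + os.sep):
        raise TraversalError("rejected snap_file: %r" % snap_file)
    return candidate

def classify(snapshot_dir, values):
    """Map each candidate snap_file value to "ok" or "blocked" for a quick audit."""
    verdicts = {}
    for value in values:
        try:
            resolve_snap_file(snapshot_dir, value)
            verdicts[value] = "ok"
        except TraversalError:
            verdicts[value] = "blocked"
    return verdicts

# Constructed sample values: two benign names, then plain, URL-encoded,
# double-encoded, absolute-path and NUL-byte traversal attempts.
SAMPLE_VALUES = ["snap-2021-08-01.tgz", "sub/snap.tgz", "../../etc/passwd",
                 "..%2F..%2Fetc%2Fpasswd", "..%252F..%252Fetc%252Fpasswd",
                 "/etc/passwd", "snap\x00.tgz"]

if __name__ == "__main__":
    print(classify(SNAPSHOT_DIR, SAMPLE_VALUES))
```

The same prefix check is what a WAF rule or log review cannot give you: only the canonicalised path on the server side decides whether a request stays inside the snapshot directory.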