CVE-2024-11664

Name of the Vulnerable Software and Affected Versions eNMS versions up to 4.2

Description A critical issue has been found in the function multiselect filtering of the file eNMS/controller.py of the component TGZ File Handler. The manipulation leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Recommendations Apply a patch to fix this issue, specifically the patch identified as 22b0b443acca740fc83b5544165c1f53eff3f529. As a temporary workaround, consider disabling the multiselect filtering function until a patch is available. Restrict access to the TGZ File Handler component to minimize the risk of exploitation.