PT-2024-9163 · Trellix · Trellix Enterprise Security Manager

Rafal Gill · Published 2024-11-29 · Updated 2025-10-28 · CVE-2024-11481

CVSS v2.0: 8.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:C/A:N
Name of the Vulnerable Software and Affected Versions: Trellix Enterprise Security Manager (ESM) version 11.6.10
Description: The product allows unauthenticated access to the internal Snowservice API. Request paths reaching that API are not properly checked for path traversal and are forwarded to an AJP backend without adequate validation, so internal API endpoints can be reached without authentication. The underlying weakness is improper limitation of a pathname to a restricted directory (path traversal), which a remote attacker can exploit to bypass security restrictions.
Recommendations: For version 11.6.10, consider disabling access to the internal Snowservice API until a patch is available. Restrict access to the AJP backend to minimize the risk of exploitation. Avoid using the API endpoints that are vulnerable to path traversal until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
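The recommendations above amount to two controls: do not forward a request path to the backend until it has been canonicalised and confirmed to stay inside the permitted API prefix, and watch access logs for requests whose canonical form escapes that prefix. The following Python is an added illustration of both controls, written for this advisory; it is not code from Positive Technologies, Trellix, or the Snowservice API. The `/api/` prefix, the `ALLOWED_PREFIX` name, and the log lines are hypothetical, since the advisory does not publish the affected endpoint paths.

```python
"""Canonical path check before proxying, plus detection over access-log lines.

Added example for the path-traversal class described in PT-2024-9163.
ALLOWED_PREFIX and the sample log are constructed; they are not taken from
the advisory or from the affected product.
"""
import posixpath
import re
from urllib.parse import unquote

# Hypothetical public API prefix that a front-end proxy is allowed to forward.
ALLOWED_PREFIX = "/api/"

# Common log format: ip ident user [timestamp] "METHOD path PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)


def canonical_path(raw: str) -> str:
    """Percent-decode repeatedly (to defeat double encoding), treat backslashes
    as separators, then collapse '.', '..' and duplicate slashes."""
    decoded = raw
    for _ in range(3):  # bounded loop: stop once decoding is stable
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    decoded = decoded.replace("\\", "/")
    return posixpath.normpath(decoded)


def is_allowed(raw_path: str, allowed_prefix: str = ALLOWED_PREFIX) -> bool:
    """True only if the canonical form still lies under allowed_prefix.

    The check is made on the canonical path, never on the raw string, so
    '/api/../internal' and '/api/%2e%2e/internal' are both rejected.
    """
    if "\x00" in raw_path:  # NUL bytes have no legitimate place in a URL path
        return False
    norm = canonical_path(raw_path)
    return norm == allowed_prefix.rstrip("/") or norm.startswith(allowed_prefix)


def flag_traversal(log_lines):
    """Return (ip, raw_path, canonical_path) for each request whose canonical
    path escapes the allowed prefix. Status code is ignored on purpose: a 200
    on an escaped path is the interesting case, but a 403 still shows intent."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in common log format
        path = m.group("path").split("?", 1)[0]  # drop the query string
        if not is_allowed(path):
            hits.append((m.group("ip"), path, canonical_path(path)))
    return hits


# Constructed sample log lines for this example (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [29/Nov/2024:10:00:01 +0000] "GET /api/users HTTP/1.1" 200 512',
    '203.0.113.7 - - [29/Nov/2024:10:00:02 +0000] "GET /api/..%2f..%2finternal/status HTTP/1.1" 200 120',
    '203.0.113.7 - - [29/Nov/2024:10:00:03 +0000] "GET /api/%252e%252e/admin HTTP/1.1" 403 0',
    '203.0.113.9 - - [29/Nov/2024:10:00:04 +0000] "POST /api/login?next=/x HTTP/1.1" 200 40',
]

if __name__ == "__main__":
    for ip, raw, canon in flag_traversal(SAMPLE_LOG):
        print(f"{ip} requested {raw!r}, which canonicalises to {canon!r}")
```

The same `is_allowed` check belongs in the proxy layer in front of the AJP backend: a request is forwarded only when it passes, and a rejection there is also the point to emit the alert that `flag_traversal` reconstructs after the fact from logs.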

Weakness Enumeration

Path traversal

Related Identifiers

BDU:2024-10850
CVE-2024-11481

Affected Products

Trellix Enterprise Security Manager