CVE-2024-11481
CVSS 3.1 Score 8.2 of 10 (high)
Details
Published Nov 29, 2024
CWE ID 22
Summary
CVE-2024-11481 is a newly disclosed vulnerability affecting ESM 11.6.10. It allows unauthenticated access to the Snowservice API, through which an attacker can perform directory traversal. In addition, requests are forwarded to an AJP backend without proper validation, increasing the risk of unauthorized access. Finally, internal API endpoints can be accessed without authentication, potentially exposing sensitive information.
Affected Vendors
- Trellix