CVE-2024-11481

CVSS 3.1 Score 8.2 of 10 (high)

Details

Published Nov 29, 2024
CWE ID 22

Summary

CVE-2024-11481 is a newly disclosed vulnerability affecting ESM 11.6.10. It allows unauthenticated access to the Snowservice API, through which an attacker can perform directory traversal (CWE-22). In addition, requests are forwarded to an AJP backend without proper validation, increasing the risk of unauthorized access. Finally, internal API endpoints can be reached without authentication, potentially exposing sensitive information.
