High severity8.2NVD Advisory· Published Nov 29, 2024· Updated Jun 17, 2026
CVE-2024-11481
CVE-2024-11481
Description
A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API. This leads to improper handling of path traversal, insecure forwarding to an AJP backend without adequate validation, and lack of authentication for accessing internal API endpoints.
Affected products
2- Trellix/Trellix Enterprise Security Manager (ESM)v5Range: 11.6.12
Patches
Vulnerability mechanics
References
1- thrive.trellix.com/s/article/000014058nvdPermissions Required
News mentions
0No linked articles in our index yet.