Lucene search

TrellixCVELIST:CVE-2024-5731

HistoryJun 14, 2024 - 1:57 p.m.

CVE-2024-5731

2024-06-1413:57:25

CWE-311

trellix

www.cve.org

vulnerability

ips manager

central manager

local manager

communication

workflow

attacker

request

destination

parameter manipulation

sensitive information

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

9.0%

JSON

A vulnerability in the IPS Manager, Central Manager, and Local Manager communication workflow allows an attacker to control the destination of a request by manipulating the parameter, thereby leveraging sensitive information.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Intrusion Prevention System (IPS) Manager",
    "vendor": "Trellix",
    "versions": [
      {
        "status": "affected",
        "version": "Prior to 11.1.x"
      }
    ]
  }
]

References

thrive.trellix.com/s/article/000013623

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2024-5731