EUVD-2024-34063

Malicious code in bioql PyPI...

CVE-2024-11482

A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API and enables remote code execution through command injection, executed as the root user...

CVE-2024-11481

A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API. This leads to improper handling of path traversal, insecure forwarding to an AJP backend without adequate validation, and lack of authentication for accessing internal API endpoints...

CVE-2024-11482

A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API and enables remote code execution through command injection, executed as the root user...

CVE-2024-11481

A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API. This leads to improper handling of path traversal, insecure forwarding to an AJP backend without adequate validation, and lack of authentication for accessing internal API endpoints...

CVE-2024-11482

A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API and enables remote code execution through command injection, executed as the root user...

CVE-2024-11482

A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API and enables remote code execution through command injection, executed as the root user...

CVE-2024-11482

CVE-2024-11482 affects Trellix Enterprise Security Manager (ESM) 11.6.10. Multiple sources confirm unauthenticated access to the internal Snowservice API, enabling remote code execution via command injection with root privileges. CVSSv3.1 data: Network attack vector, Low attack complexity, No pri...

CVE-2024-11481

CVE-2024-11481 concerns Trellix Enterprise Security Manager (ESM) 11.6.10. The issue enables unauthenticated access to the internal Snowservice API, with improper path traversal handling and insecure forwarding to an AJP backend, lacking authentication for internal API endpoints. Documents indica...

CVE-2024-11481

A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API. This leads to improper handling of path traversal, insecure forwarding to an AJP backend without adequate validation, and lack of authentication for accessing internal API endpoints...

CVE-2024-11481

A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API. This leads to improper handling of path traversal, insecure forwarding to an AJP backend without adequate validation, and lack of authentication for accessing internal API endpoints...

PT-2024-9162 · Trellix · Trellix Enterprise Security Manager

Name of the Vulnerable Software and Affected Versions: Trellix Enterprise Security Manager version 11.6.10 Description: A vulnerability in Trellix Enterprise Security Manager allows unauthenticated access to the internal Snowservice API and enables remote code execution through command injection,...

Trellix Enterprise Security Manager 安全漏洞

Trellix Enterprise Security Manager Trellix ESM is an application from American FireEye Trellix, Inc. Used for real-time monitoring and analysis enables you to quickly prioritize, investigate and respond to hidden threats. A security vulnerability exists in Trellix Enterprise Security Manager...