Lucene search

TrellixVULNRICHMENT:CVE-2024-5731

HistoryJun 14, 2024 - 1:57 p.m.

CVE-2024-5731

2024-06-1413:57:25

CWE-311

trellix

github.com

vulnerability

communication workflow

attacker

request destination

ips manager

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

9.0%

JSON

A vulnerability in the IPS Manager, Central Manager, and Local Manager communication workflow allows an attacker to control the destination of a request by manipulating the parameter, thereby leveraging sensitive information.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Intrusion Prevention System (IPS) Manager",
    "vendor": "Trellix",
    "versions": [
      {
        "status": "affected",
        "version": "Prior to 11.1.x"
      }
    ]
  }
]

References

thrive.trellix.com/s/article/000013623

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for VULNRICHMENT:CVE-2024-5731