Trellix Enterprise Security Manager Flaw Allows Access To Internal Snowservice API
- Source: Vulnerability (cybersecuritynews.com)
Author: Tushar Subhra Dutta
A critical vulnerability has been addressed by Trellix in its Enterprise Security Manager (ESM) that could potentially expose the internal Snowservice API to unauthorized access.
The flaw, discovered in ESM version 11.6.10, has raised concerns among cybersecurity experts due to its potential for exploitation.
The vulnerability, which allows unauthenticated access to the internal Snowservice API, presents multiple security risks.
These include improper handling of path traversal, insecure forwarding to an AJP backend without adequate validation, and a lack of authentication for accessing internal API endpoints.
Researchers at Trellix observed that such vulnerabilities could potentially be exploited by malicious actors to gain unauthorized access to sensitive information or compromise system integrity.
Technical Analysis
In response to this security threat, Trellix has released version 11.6.13 of the Enterprise Security Manager, which includes critical security updates and feature enhancements.
This latest release is part of Trellix’s ongoing efforts to improve the security and functionality of their products.
Key updates in ESM 11.6.13 include:
- Patching of multiple security vulnerabilities, including updates to Azul Java to address several CVEs.
- Fixing two “reverse shell” vulnerabilities in the “Snow Service” (CVE-2024-1148 and CVE-2024-11482).
- Updating the libcurl library to address CVE-2023-38545 (CVSS 9.8, critical) and CVE-2023-38546 (CVSS 3.7, low).
The CERT-Bund of the BSI has classified these vulnerabilities with a maximum CVSS value of 9.8, indicating a critical risk level. They warn that these flaws could allow attackers to bypass security measures, emphasizing the importance of applying the update promptly.
In addition to security fixes, ESM 11.6.13 introduces new features and improvements:
- Integration support for ESET and Sentinel security solutions as data sources.
- A new “Match Missing Field” option in the user interface for enhanced event correlation.
- Various bug fixes and performance improvements across different categories, including HA Receiver, Software Upgrade, Watchlists, Correlation, and User Interface.
Trellix strongly recommends that all users upgrade to ESM 11.6.13 as soon as possible to mitigate potential security risks. The company emphasizes that this update is crucial for all environments and should be applied at the earliest convenience.
Timely security updates like this one from Trellix play a critical role in maintaining the integrity and security of enterprise systems.
Organizations using Trellix Enterprise Security Manager are advised to review their current version and plan for immediate upgrades to ensure their systems remain protected against the latest known vulnerabilities.