Trellix: Unauthenticated Path Traversal and Command Injection in Trellix Enterprise Security Manager 11.6.10

A critical vulnerability was identified in Trellix Enterprise Security Manager (ESM) version 11.6.10. The vulnerability allowed unauthenticated access to internal API endpoints through path traversal and enabled remote code execution via command injection. The issue stemmed from an insecure AJP proxy configuration and a lack of input validation. The vulnerability has been confirmed on the publicly available trial…