Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An improper limitation of a path name to a restricted directory (path traversal) vulnerability in the TACC ePO extension, for on-premises ePO servers, prior to version 8.4.0 could lead to an authorised administrator attacker executing arbitrary code through uploading a specially crafted GTI reputation file. The attacker would need the appropriate privileges to access the relevant section of the User Interface. The import logic has been updated to restrict file types and content.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Trellix Application and Change Control 路径遍历漏洞
Vulnerability Description
Trellix Application and Change Control(Trellix ACC)是美国火眼(Trellix)公司的一个应用和变更控制程序。 Trellix Application and Change Control (TACC) 8.4.0之前版本存在路径遍历漏洞,该漏洞源于TACC ePO extension存在路径遍历漏洞。
CVSS Information
N/A
Vulnerability Type
N/A