Trellix System Information Reporter Path Traversal Vulnerability Allowing Arbitrary File Creation
Vulnerability
A path traversal vulnerability has been identified in Trellix System Information Reporter (SIR) versions through 1.0.3. It allows an authenticated user with high privileges to send malicious ePO POST requests to the System Information Reporter. As a result, files can be created anywhere on the filesystem, potentially overwriting existing files and leading to unauthorized disclosure of sensitive information.
Impact
Exploitation of this vulnerability could result in arbitrary file creation on the server, with the possibility of overwriting existing files and disclosing sensitive information.
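The advisory does not describe SIR's internals, so the following is an added example, not Trellix code: a general server-side check that addresses both impacts named above by confining a client-supplied file name to one directory and refusing to overwrite an existing file. The names `naive_target`, `safe_create`, `UnsafePathError` and the sample file names are hypothetical.

```python
import os
import tempfile
from pathlib import Path

class UnsafePathError(ValueError):
    """The requested name resolves outside the allowed root directory."""

def naive_target(root: Path, name: str) -> Path:
    # Vulnerable pattern: join the client-supplied name with no containment check.
    return Path(os.path.normpath(root / name))

def safe_create(root: Path, name: str, data: bytes) -> Path:
    """Create root/name; refuse traversal and refuse to overwrite."""
    root = root.resolve(strict=True)
    # Treat "\" as a separator on every platform, then resolve ".." and symlinks.
    target = (root / name.replace("\\", "/")).resolve()
    if target == root or not target.is_relative_to(root):
        raise UnsafePathError(f"rejected path: {name!r}")
    target.parent.mkdir(parents=True, exist_ok=True)
    # O_EXCL makes creation fail if the file already exists (no overwrite).
    fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return target

# Constructed sample names, not taken from the advisory.
SAMPLE_NAMES = ["host1/report.xml", "../outside.txt", "..\\..\\outside.txt",
                "/outside.txt", "host1/report.xml"]

def demo() -> list:
    results = []
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "reports"
        root.mkdir()
        for name in SAMPLE_NAMES:
            try:
                safe_create(root, name, b"sample")
                results.append((name, "created"))
            except UnsafePathError:
                results.append((name, "rejected: traversal"))
            except FileExistsError:
                results.append((name, "rejected: exists"))
    return results

if __name__ == "__main__":
    for name, outcome in demo():
        print(f"{name!r:28} {outcome}")
```

The containment test compares fully resolved paths, so a name that only looks harmless before `..` segments or symlinks are resolved is still rejected.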
