A path traversal vulnerability in Trellix Intelligent Sandbox has been discovered and resolved.
Affected software
All supported versions
Remediated / updated versions
The vulnerability is remediated through a minor patch and there will not be a full release containing this fix. The patch can be downloaded from the Knowledge Base article Known Issue: Path traversal vulnerability in Trellix Intelligent Sandbox web interface allowing arbitrary file read.
Impact
Severity: High
Recommendation
Verify that you have applied the latest update. Impacted users should install the relevant updates or hotfixes. For full instructions and information, see the Knowledge Base article Known Issue: Path traversal vulnerability in Trellix Intelligent Sandbox web interface allowing arbitrary file read".
Note: To receive information about product updates, sign up for the Support Notification Service.
For instructions, see the Thrive Portal User Guide and navigate to Profile and Settings > My Settings > Manage Support Notification Services (SNS) subscription preferences.