Description
A path traversal vulnerability in System Information Reporter (SIR) 1.0.3 and prior allowed an authenticated, high-privileged user to issue malicious ePO POST requests to System Information Reporter, leading to the creation of files anywhere on the filesystem, possibly overwriting existing files and exposing sensitive information.
References (1)
Permissions Required
https://thrive.trellix.com/s/article/000014635
Scores
CVSS v3
4.4
EPSS
0.0015
EPSS Percentile
5.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-22
Status
published
Products (1)
trellix/system_information_reporter
< 1.0.3
Published
Jun 26, 2025
Tracked Since
Feb 18, 2026