Remote Text File Access on Traps Endpoint Server Management (PAN-SA-2016-0022)

Last revised: 08/25/2016

Summary

The Traps ESM Server license mechanism allows for remote license validation. The unintended ability to download text files using this subsystem was recently identified. (Ref # CYV-8717).

Severity: High

This vulnerability can be used to remotely retrieve text files stored on the Traps ESM.

Products Affected

Traps ESM Core version 3.3.3 and earlier

Available Updates

Traps ESM Core version 3.3.4 and later

Workarounds and Mitigations

N/A

Acknowledgements

Chen ChingRu