CVE-2019-18191

8.8HIGH

Key Information:

Vendor: Trend Micro
Status: Trend Micro Deep Security As A Service
Vendor: CVE Published:; 16 December 2019

Summary

A privilege escalation vulnerability in the Trend Micro Deep Security as a Service Quick Setup cloud formation template could allow an authenticated entity with certain unrestricted AWS execution privileges to escalate to full privileges within the target AWS account.

Affected Version(s)

Trend Micro Deep Security as a Service SaaS

References

https://success.trendmicro.com/solution/000157758

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 16, 2019
Vulnerability Reserved
Oct 17, 2019