CVE-2019-19696
5.5MEDIUM
Key Information:
- Vendor
- Trend Micro
- Vendor
- CVE Published:
- 18 January 2020
Summary
A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishing sites.
Affected Version(s)
Trend Micro Password Manager 5.0.0.1076 and below (Windows) and 5.0.1047 and below (Mac)
References
CVSS V3.1
Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved