XML External Entity Attack Vulnerability in Trend Micro Deep Security Manager
CVE-2019-9488

4.9MEDIUM

Key Information:

Vendor: Trend Micro
Status: Trend Micro Deep Security; Trend Micro Vulnerability Protection
Vendor: CVE Published:; 11 September 2019

Summary

Trend Micro Deep Security Manager is susceptible to an XML External Entity Attack, which could lead to unauthorized data exposure if exploited. Attackers need root or admin access to a protected host recognized by the Deep Security Manager to execute the attack. Mitigation strategies are essential to protect against potential exploitation.

Affected Version(s)

Trend Micro Deep Security 10.x

Trend Micro Deep Security 11.x

Trend Micro Vulnerability Protection 2.0

References

https://success.trendmicro.com/solution/1122900

x_refsource_CONFIRM

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 11, 2019
Vulnerability Reserved
Mar 1, 2019