CVE-2019-9488

4.9MEDIUM

Key Information:

Vendor: Trend Micro
Status: Trend Micro Deep Security; Trend Micro Vulnerability Protection
Vendor: CVE Published:; 11 September 2019

Summary

Trend Micro Deep Security Manager (10.x, 11.x) and Vulnerability Protection (2.0) are vulnerable to a XML External Entity Attack. However, for the attack to be possible, the attacker must have root/admin access to a protected host which is authorized to communicate with the Deep Security Manager (DSM).

Affected Version(s)

Trend Micro Deep Security 10.x

Trend Micro Deep Security 11.x

Trend Micro Vulnerability Protection 2.0

References

https://success.trendmicro.com/solution/1122900

x_refsource_CONFIRM

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 11, 2019
Vulnerability Reserved
Mar 1, 2019