4.9
CVE-2019-9488
- EPSS 0.63%
- Published 11.09.2019 18:15:10
- Last modified 21.11.2024 04:51:42
- Source security@trendmicro.com
Trend Micro Deep Security Manager (10.x, 11.x) and Vulnerability Protection (2.0) are vulnerable to an XML External Entity attack. However, for the attack to be possible, the attacker must have root/admin access to a protected host which is authorized to communicate with the Deep Security Manager (DSM).
Data is provided by the National Vulnerability Database (NVD)
Trendmicro ≫ Deep Security Manager Version 10.0 Update -
Trendmicro ≫ Deep Security Manager Version 10.0 Update u1
Trendmicro ≫ Deep Security Manager Version 10.0 Update u10
Trendmicro ≫ Deep Security Manager Version 10.0 Update u11
Trendmicro ≫ Deep Security Manager Version 10.0 Update u12
Trendmicro ≫ Deep Security Manager Version 10.0 Update u13
Trendmicro ≫ Deep Security Manager Version 10.0 Update u14
Trendmicro ≫ Deep Security Manager Version 10.0 Update u15
Trendmicro ≫ Deep Security Manager Version 10.0 Update u16
Trendmicro ≫ Deep Security Manager Version 10.0 Update u17
Trendmicro ≫ Deep Security Manager Version 10.0 Update u18
Trendmicro ≫ Deep Security Manager Version 10.0 Update u19
Trendmicro ≫ Deep Security Manager Version 10.0 Update u2
Trendmicro ≫ Deep Security Manager Version 10.0 Update u3
Trendmicro ≫ Deep Security Manager Version 10.0 Update u4
Trendmicro ≫ Deep Security Manager Version 10.0 Update u5
Trendmicro ≫ Deep Security Manager Version 10.0 Update u6
Trendmicro ≫ Deep Security Manager Version 10.0 Update u7
Trendmicro ≫ Deep Security Manager Version 10.0 Update u8
Trendmicro ≫ Deep Security Manager Version 10.0 Update u9
Trendmicro ≫ Deep Security Manager Version 11.0 Update -
Trendmicro ≫ Deep Security Manager Version 11.0 Update u1
Trendmicro ≫ Deep Security Manager Version 11.0 Update u2
Trendmicro ≫ Deep Security Manager Version 11.0 Update u3
Trendmicro ≫ Deep Security Manager Version 11.0 Update u4
Trendmicro ≫ Deep Security Manager Version 11.0 Update u5
Trendmicro ≫ Deep Security Manager Version 11.0 Update u6
Trendmicro ≫ Deep Security Manager Version 11.0 Update u7
Trendmicro ≫ Deep Security Manager Version 11.3 Update -
Trendmicro ≫ Vulnerability Protection Version 2.0 Update -
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.63% | 0.678 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 4.9 | 1.2 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
nvd@nist.gov | 4 | 8 | 2.9 | AV:N/AC:L/Au:S/C:P/I:N/A:N |
CWE-611 Improper Restriction of XML External Entity Reference
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.