CVE-2019-9488 — MEDIUM (4.9)

Vulnerability Description

Trend Micro Deep Security Manager (10.x, 11.x) and Vulnerability Protection (2.0) are vulnerable to a XML External Entity Attack. However, for the attack to be possible, the attacker must have root/admin access to a protected host which is authorized to communicate with the Deep Security Manager (DSM).

CVSS Score

4.9

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Trendmicro	Deep Security Manager	10.0
Trendmicro	Vulnerability Protection	2.0

Related Weaknesses (CWE)

CWE-611

References

https://success.trendmicro.com/solution/1122900PatchVendor Advisory
https://success.trendmicro.com/solution/1122900PatchVendor Advisory

FAQ

What is CVE-2019-9488?

CVE-2019-9488 is a vulnerability with a CVSS score of 4.9 (MEDIUM). Trend Micro Deep Security Manager (10.x, 11.x) and Vulnerability Protection (2.0) are vulnerable to a XML External Entity Attack. However, for the attack to be possible, the attacker must have root/ad...

How severe is CVE-2019-9488?

CVE-2019-9488 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-9488?

Check the references section above for vendor advisories and patch information. Affected products include: Trendmicro Deep Security Manager, Trendmicro Vulnerability Protection.