CVE-2017-9035

CWE-319 — Cleartext Transmission3 documents3 sources

Severity

7.4HIGH

EPSS

0.7%

top 28.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trendmicro Serverprotect

Timeline

PublishedMay 26

Latest updateMay 13

Description

Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to eavesdrop and tamper with updates by leveraging unencrypted communications with update servers.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 2.2 | Impact: 5.2

Affected Packages1 packages

▶NVDtrendmicro/serverprotect3.0

Patches

Patch: success.trendmicro.com ↗Patch: success.trendmicro.com ↗

🔴Vulnerability Details

GHSA

GHSA-jv2f-hvvh-4hw3: Trend Micro ServerProtect for Linux 3↗2022-05-13

▶

CVEList

CVE-2017-9035: Trend Micro ServerProtect for Linux 3↗2017-05-25

▶