CVE-2019-15626 — Cleartext Transmission of Sensitive Info in Micro Deep Security Manager

CWE-319 — Cleartext Transmission of Sensitive Info3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.3%

top 51.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trend Micro Deep Security Manager Trendmicro Deep Security

Timeline

PublishedOct 17

Latest updateMay 24

Description

The Deep Security Manager application (Versions 10.0, 11.0 and 12.0), when configured in a certain way, may transmit initial LDAP communication in clear text. This may result in confidentiality impact but does not impact integrity or availability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5trend_micro/deep_security_manager10.0, 11.0, 12.0+2

▶NVDtrendmicro/deep_security10.0, 11.0, 12.0+2

Patches

Patch: success.trendmicro.com ↗Patch: success.trendmicro.com ↗

🔴Vulnerability Details

GHSA

GHSA-mhq3-m935-jrw4: The Deep Security Manager application (Versions 10↗2022-05-24

▶

CVEList

CVE-2019-15626: The Deep Security Manager application (Versions 10↗2019-10-17

▶