CVE-2019-19696
published 2020-01-18CVE-2019-19696: A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by…
PriorityP424medium5.5CVSS 3.1
AVLACLPRLUINSUCHINAN
EPSS
0.47%
37.3th percentile
A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishing sites.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| trend_micro | trend_micro_password_manager | — | — |
| trendmicro | password_manager | 5.0 – 5.0.0.1076 | — |
| trendmicro | password_manager | 5.0 – 5.0.1047 | — |
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvdv2.02.1LOWAV:L/AC:L/Au:N/C:P/I:N/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124092.aspxhttps://esupport.trendmicro.com/support/pwm/solution/ja-jp/1124091.aspxhttps://jvn.jp/en/jp/JVN37183636/index.htmlhttps://jvn.jp/jp/JVN37183636/index.htmlhttps://esupport.trendmicro.com/en-us/home/pages/technical-support/1124092.aspxhttps://esupport.trendmicro.com/support/pwm/solution/ja-jp/1124091.aspxhttps://jvn.jp/en/jp/JVN37183636/index.htmlhttps://jvn.jp/jp/JVN37183636/index.html
2020-01-18
Published