CVE-2019-9488

CWE-611 — XML External Entity (XXE)3 documents3 sources

Severity

4.9MEDIUM

EPSS

0.6%

top 30.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trend Micro Trend Micro Deep Security Trend Micro Trend Micro Vulnerability Protection Trendmicro Deep Security Manager +1 more

Timeline

PublishedSep 11

Latest updateMay 24

Description

Trend Micro Deep Security Manager (10.x, 11.x) and Vulnerability Protection (2.0) are vulnerable to a XML External Entity Attack. However, for the attack to be possible, the attacker must have root/admin access to a protected host which is authorized to communicate with the Deep Security Manager (DSM).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages4 packages

▶NVDtrendmicro/deep_security_manager10.0, 11.0, 11.3+2

▶CVEListV5trend_micro/trend_micro_deep_security10.x, 11.x+1

▶NVDtrendmicro/vulnerability_protection2.0

▶CVEListV5trend_micro/trend_micro_vulnerability_protection2.0

Patches

Patch: success.trendmicro.com ↗Patch: success.trendmicro.com ↗

🔴Vulnerability Details

GHSA

GHSA-8jfp-988r-jm7r: Trend Micro Deep Security Manager (10↗2022-05-24

▶

CVEList

CVE-2019-9488: Trend Micro Deep Security Manager (10↗2019-09-11

▶