CVE-2019-9488
moderate-risk
Published 2019-09-11
Trend Micro Deep Security Manager (10.x, 11.x) and Vulnerability Protection (2.0) are vulnerable to a XML External Entity Attack. However, for the attack to be possible, the attacker must have root/admin access to a protected host which is authorized to communicate with the Deep Security Manager (DSM).
Do I need to act?
-
0.60% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.9/10
Medium
NETWORK
/ LOW complexity
Affected Products (20)
Deep Security Manager
Deep Security Manager
Deep Security Manager
Deep Security Manager
Deep Security Manager
Deep Security Manager
Deep Security Manager
Deep Security Manager
Deep Security Manager
Deep Security Manager
Deep Security Manager
Deep Security Manager
Deep Security Manager
Deep Security Manager
Deep Security Manager
Deep Security Manager
Deep Security Manager
Deep Security Manager
Deep Security Manager
Deep Security Manager
Affected Vendors
References (2)
44
/ 100
moderate-risk
Severity
20/34 · Moderate
Exploitability
2/34 · Minimal
Exposure
22/34 · High