CVE-2019-9488

Summary

Trend Micro Deep Security Manager (10.x, 11.x) and Vulnerability Protection (2.0) are vulnerable to a XML External Entity Attack. However, for the attack to be possible, the attacker must have root/admin access to a protected host which is authorized to communicate with the Deep Security Manager (DSM).

Affected Software

VendorProductVersion RangeStatus
Trend MicroTrend Micro Deep Security10.xaffected
Trend MicroTrend Micro Deep Security11.xaffected
Trend MicroTrend Micro Vulnerability Protection2.0affected

Weaknesses

  • XXE Attack

ADP Enrichment

CVE Program Container

Additional References

References