CVE-2015-2873

EUVD-2015-2961
Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before 3.7.1248, 3.8.x before 3.8.1263, and other versions allows remote attackers to obtain sensitive information or change the configuration via a direct request to the (1) system log URL, (2) whitelist URL, or (3) blacklist URL.
Forced Browsing
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
Affected Products (NVD)
VendorProductVersion
trendmicrodeep_discovery_inspector
3.5
trendmicrodeep_discovery_inspector
3.5
trendmicrodeep_discovery_inspector
3.5
trendmicrodeep_discovery_inspector
3.6
trendmicrodeep_discovery_inspector
3.7
trendmicrodeep_discovery_inspector
3.7
trendmicrodeep_discovery_inspector
3.7
trendmicrodeep_discovery_inspector
3.8
trendmicrodeep_discovery_inspector
3.8
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://esupport.trendmicro.com/solution/en-US/1112206.aspx
http://www.kb.cert.org/vuls/id/248692
http://www.securityfocus.com/bid/76396
http://esupport.trendmicro.com/solution/en-US/1112206.aspx
http://www.kb.cert.org/vuls/id/248692
http://www.securityfocus.com/bid/76396