CVE-2019-9488

Trend Micro Deep Security Manager (10.x, 11.x) and Vulnerability Protection (2.0) are vulnerable to a XML External Entity Attack. However, for the attack to be possible, the attacker must have root/admin access to a protected host which is authorized to communicate with the Deep Security Manager (DSM).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.9 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
trendmicroCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 69%
VendorProductVersion
trendmicrodeep_security_manager
10.0
trendmicrodeep_security_manager
10.0:u1
trendmicrodeep_security_manager
10.0:u10
trendmicrodeep_security_manager
10.0:u11
trendmicrodeep_security_manager
10.0:u12
trendmicrodeep_security_manager
10.0:u13
trendmicrodeep_security_manager
10.0:u14
trendmicrodeep_security_manager
10.0:u15
trendmicrodeep_security_manager
10.0:u16
trendmicrodeep_security_manager
10.0:u17
trendmicrodeep_security_manager
10.0:u18
trendmicrodeep_security_manager
10.0:u19
trendmicrodeep_security_manager
10.0:u2
trendmicrodeep_security_manager
10.0:u3
trendmicrodeep_security_manager
10.0:u4
trendmicrodeep_security_manager
10.0:u5
trendmicrodeep_security_manager
10.0:u6
trendmicrodeep_security_manager
10.0:u7
trendmicrodeep_security_manager
10.0:u8
trendmicrodeep_security_manager
10.0:u9
trendmicrodeep_security_manager
11.0
trendmicrodeep_security_manager
11.0:u1
trendmicrodeep_security_manager
11.0:u2
trendmicrodeep_security_manager
11.0:u3
trendmicrodeep_security_manager
11.0:u4
trendmicrodeep_security_manager
11.0:u5
trendmicrodeep_security_manager
11.0:u6
trendmicrodeep_security_manager
11.0:u7
trendmicrodeep_security_manager
11.3
trendmicrovulnerability_protection
2.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://success.trendmicro.com/solution/1122900
https://success.trendmicro.com/solution/1122900