First published: Fri Sep 28 2018(Updated: )
A Reflected Cross-Site Scripting (XSS) vulnerability in Trend Micro Deep Discovery Inspector 3.85 and below could allow an attacker to bypass CSRF protection and conduct an attack on vulnerable installations. An attacker must be an authenticated user in order to exploit the vulnerability.
Credit: security@trendmicro.com
Affected Software | Affected Version | How to fix |
---|---|---|
Trendmicro Deep Discovery Inspector | <=3.85 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-15365 is a Reflected Cross-Site Scripting (XSS) vulnerability in Trend Micro Deep Discovery Inspector 3.85 and below.
CVE-2018-15365 allows an attacker to bypass CSRF protection and conduct an attack on vulnerable installations of Trend Micro Deep Discovery Inspector 3.85 and below.
CVE-2018-15365 has a severity rating of medium with a CVSS score of 5.4.
To exploit CVE-2018-15365, an attacker must be an authenticated user and can then perform a Reflected Cross-Site Scripting (XSS) attack on the vulnerable installations.
Yes, Trend Micro has released a solution to address the CVE-2018-15365 vulnerability. Please refer to the provided reference links for more details.