CVE-2019-9488: XEE
First published: Wed Sep 11 2019(Updated: )
Trend Micro Deep Security Manager (10.x, 11.x) and Vulnerability Protection (2.0) are vulnerable to a XML External Entity Attack. However, for the attack to be possible, the attacker must have root/admin access to a protected host which is authorized to communicate with the Deep Security Manager (DSM).
Credit: security@trendmicro.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Trend Micro Deep Security Manager | =10.0 | |
| Trend Micro Deep Security Manager | =10.0-u1 | |
| Trend Micro Deep Security Manager | =10.0-u10 | |
| Trend Micro Deep Security Manager | =10.0-u11 | |
| Trend Micro Deep Security Manager | =10.0-u12 | |
| Trend Micro Deep Security Manager | =10.0-u13 | |
| Trend Micro Deep Security Manager | =10.0-u14 | |
| Trend Micro Deep Security Manager | =10.0-u15 | |
| Trend Micro Deep Security Manager | =10.0-u16 | |
| Trend Micro Deep Security Manager | =10.0-u17 | |
| Trend Micro Deep Security Manager | =10.0-u18 | |
| Trend Micro Deep Security Manager | =10.0-u19 | |
| Trend Micro Deep Security Manager | =10.0-u2 | |
| Trend Micro Deep Security Manager | =10.0-u3 | |
| Trend Micro Deep Security Manager | =10.0-u4 | |
| Trend Micro Deep Security Manager | =10.0-u5 | |
| Trend Micro Deep Security Manager | =10.0-u6 | |
| Trend Micro Deep Security Manager | =10.0-u7 | |
| Trend Micro Deep Security Manager | =10.0-u8 | |
| Trend Micro Deep Security Manager | =10.0-u9 | |
| Trend Micro Deep Security Manager | =11.0 | |
| Trend Micro Deep Security Manager | =11.0-u1 | |
| Trend Micro Deep Security Manager | =11.0-u2 | |
| Trend Micro Deep Security Manager | =11.0-u3 | |
| Trend Micro Deep Security Manager | =11.0-u4 | |
| Trend Micro Deep Security Manager | =11.0-u5 | |
| Trend Micro Deep Security Manager | =11.0-u6 | |
| Trend Micro Deep Security Manager | =11.0-u7 | |
| Trend Micro Deep Security Manager | =11.3 | |
| Trend Micro Deep Security Manager | =2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/author
- agent/severity
- agent/weakness
- agent/references
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/remedy
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/trendmicro
- canonical/trend micro deep security manager
- version/trend micro deep security manager/10.0
- version/trend micro deep security manager/10.0-u1
- version/trend micro deep security manager/10.0-u10
- version/trend micro deep security manager/10.0-u11
- version/trend micro deep security manager/10.0-u12
- version/trend micro deep security manager/10.0-u13
- version/trend micro deep security manager/10.0-u14
- version/trend micro deep security manager/10.0-u15
- version/trend micro deep security manager/10.0-u16
- version/trend micro deep security manager/10.0-u17
- version/trend micro deep security manager/10.0-u18
- version/trend micro deep security manager/10.0-u19
- version/trend micro deep security manager/10.0-u2
- version/trend micro deep security manager/10.0-u3
- version/trend micro deep security manager/10.0-u4
- version/trend micro deep security manager/10.0-u5
- version/trend micro deep security manager/10.0-u6
- version/trend micro deep security manager/10.0-u7
- version/trend micro deep security manager/10.0-u8
- version/trend micro deep security manager/10.0-u9
- version/trend micro deep security manager/11.0
- version/trend micro deep security manager/11.0-u1
- version/trend micro deep security manager/11.0-u2
- version/trend micro deep security manager/11.0-u3
- version/trend micro deep security manager/11.0-u4
- version/trend micro deep security manager/11.0-u5
- version/trend micro deep security manager/11.0-u6
- version/trend micro deep security manager/11.0-u7
- version/trend micro deep security manager/11.3
- version/trend micro deep security manager/2.0