XML External Entity Attack Vulnerability in Trend Micro Deep Security Manager (10.x, 11.x) and Vulnerability Protection (2.0)

XML External Entity Attack Vulnerability in Trend Micro Deep Security Manager (10.x, 11.x) and Vulnerability Protection (2.0)

CVE-2019-9488 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Trend Micro Deep Security Manager (10.x, 11.x) and Vulnerability Protection (2.0) are vulnerable to a XML External Entity Attack. However, for the attack to be possible, the attacker must have root/admin access to a protected host which is authorized to communicate with the Deep Security Manager (DSM).

Learn more about our External Network Penetration Testing.