PT-2015-5954 · Trend Micro · Trend Micro Deep Discovery Inspector
Hyp3Rlinx
+1
·
Published
2015-08-23
·
Updated
2021-09-09
·
CVE-2015-2873
CVSS v2.0
5.5
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Trend Micro Deep Discovery Inspector (DDI) versions prior to 3.5.1477
Trend Micro Deep Discovery Inspector (DDI) versions 3.6.x prior to 3.6.1217
Trend Micro Deep Discovery Inspector (DDI) versions 3.7.x prior to 3.7.1248
Trend Micro Deep Discovery Inspector (DDI) versions 3.8.x prior to 3.8.1263
Description
The issue allows remote attackers to obtain sensitive information or change the configuration via a direct request to specific URLs, including the system log URL, whitelist URL, or blacklist URL.
Recommendations
For versions prior to 3.5.1477, update to version 3.5.1477 or later.
For versions 3.6.x prior to 3.6.1217, update to version 3.6.1217 or later.
For versions 3.7.x prior to 3.7.1248, update to version 3.7.1248 or later.
For versions 3.8.x prior to 3.8.1263, update to version 3.8.1263 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Trend Micro Deep Discovery Inspector