CVE-2015-2873

Опубликовано: 23 авг. 2015

Источник: nvd

CVSS2: 5.5

EPSS Низкий

Описание

Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before 3.7.1248, 3.8.x before 3.8.1263, and other versions allows remote attackers to obtain sensitive information or change the configuration via a direct request to the (1) system log URL, (2) whitelist URL, or (3) blacklist URL.

Ссылки

http://esupport.trendmicro.com/solution/en-US/1112206.aspx
Patch
Vendor Advisory
http://www.kb.cert.org/vuls/id/248692
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/76396
Third Party Advisory
VDB Entry
http://esupport.trendmicro.com/solution/en-US/1112206.aspx
Patch
Vendor Advisory
http://www.kb.cert.org/vuls/id/248692
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/76396
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:trendmicro:deep_discovery_inspector:3.5:*:*:*:*:*:*:*

cpe:2.3:a:trendmicro:deep_discovery_inspector:3.5:*:*:ja:*:*:*:*

cpe:2.3:a:trendmicro:deep_discovery_inspector:3.5:*:*:zh:*:*:*:*

cpe:2.3:a:trendmicro:deep_discovery_inspector:3.6:*:*:*:*:*:*:*

cpe:2.3:a:trendmicro:deep_discovery_inspector:3.7:*:*:*:*:*:*:*

cpe:2.3:a:trendmicro:deep_discovery_inspector:3.7:*:*:ja:*:*:*:*

cpe:2.3:a:trendmicro:deep_discovery_inspector:3.7:*:*:zh:*:*:*:*

cpe:2.3:a:trendmicro:deep_discovery_inspector:3.8:*:*:*:*:*:*:*

cpe:2.3:a:trendmicro:deep_discovery_inspector:3.8:*:*:ja:*:*:*:*

EPSS

Процентиль: 85%

0.02538

Низкий

5.5 Medium

CVSS2

Дефекты

CWE-425

Связанные уязвимости

GHSA-pfgp-c8ff-xcvx

github

больше 3 лет назад