All the vulnerabilites related to Trend Micro, Inc. - Trend Micro Deep Discovery Inspector
cve-2024-46903
Vulnerability from cvelistv5
Published
2024-10-22 18:28
Modified
2024-11-01 19:11
Severity ?
EPSS score ?
Summary
A vulnerability in Trend Micro Deep Discovery Inspector (DDI) versions 5.8 and above could allow an attacker to disclose sensitive information affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Trend Micro, Inc. | Trend Micro Deep Discovery Inspector |
Version: 5.8, 6.6, 6.7 ≤ |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-46903", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-22T18:53:30.327314Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-01T19:11:42.862Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Trend Micro Deep Discovery Inspector", "vendor": "Trend Micro, Inc.", "versions": [ { "lessThan": "6.6.1097, 6.7.1107", "status": "affected", "version": "5.8, 6.6, 6.7", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in Trend Micro Deep Discovery Inspector (DDI) versions 5.8 and above could allow an attacker to disclose sensitive information affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-22T18:28:31.213Z", "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272", "shortName": "trendmicro" }, "references": [ { "url": "https://success.trendmicro.com/en-US/solution/KA-0017793" }, { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1228/" } ] } }, "cveMetadata": { "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272", "assignerShortName": "trendmicro", "cveId": "CVE-2024-46903", "datePublished": "2024-10-22T18:28:31.213Z", "dateReserved": "2024-09-13T14:13:48.416Z", "dateUpdated": "2024-11-01T19:11:42.862Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-46902
Vulnerability from cvelistv5
Published
2024-10-22 18:28
Modified
2024-10-22 19:00
Severity ?
EPSS score ?
Summary
A vulnerability in Trend Micro Deep Discovery Inspector (DDI) versions 5.8 and above could allow an attacker to disclose sensitive information affected installations.
Please note: an attacker must first obtain the ability to execute high-privileged code (admin user rights) on the target system in order to exploit this vulnerability.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Trend Micro, Inc. | Trend Micro Deep Discovery Inspector |
Version: 5.8, 6.6, 6.7 ≤ |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:trendmicro:deep_discovery_inspector:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "deep_discovery_inspector", "vendor": "trendmicro", "versions": [ { "lessThan": "6.6.1097", "status": "affected", "version": "5.8", "versionType": "custom" }, { "lessThan": "6.7.1107", "status": "affected", "version": "6.7", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-46902", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-22T18:57:44.852631Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-22T19:00:05.228Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Trend Micro Deep Discovery Inspector", "vendor": "Trend Micro, Inc.", "versions": [ { "lessThan": "6.6.1097, 6.7.1107", "status": "affected", "version": "5.8, 6.6, 6.7", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in Trend Micro Deep Discovery Inspector (DDI) versions 5.8 and above could allow an attacker to disclose sensitive information affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute high-privileged code (admin user rights) on the target system in order to exploit this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-22T18:28:18.124Z", "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272", "shortName": "trendmicro" }, "references": [ { "url": "https://success.trendmicro.com/en-US/solution/KA-0017793" }, { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1227/" } ] } }, "cveMetadata": { "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272", "assignerShortName": "trendmicro", "cveId": "CVE-2024-46902", "datePublished": "2024-10-22T18:28:18.124Z", "dateReserved": "2024-09-13T14:13:48.416Z", "dateUpdated": "2024-10-22T19:00:05.228Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }