Vulnerability Note VU#248692
Trend Micro Deep Discovery threat appliance contains multiple vulnerabilities
Multiple versions of the Trend Micro Deep Discovery threat appliance are vulnerable to cross-site scripting and authentication bypass.
The Trend Micro Deep Discovery platform "enables you to detect, analyze, and respond to today’s stealthy, targeted attacks in real time." It may be deployed on a network as an appliance. The Trend Micro Deep Discovery Threat Appliance version 3.7.1096 is vulnerable to cross-site scripting and authentication bypass.
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - CVE-2015-2872
An authenticated user without administrator privileges may access and modify certain system configuration settings. An unauthenticated remote user may conduct cross-site scripting attacks.
Apply an update
Vendor Information
|Vendor|Status|Date Notified|Date Updated|
|---|---|---|---|
|Trend Micro|Affected|09 Jul 2015|07 Aug 2015|
Thanks to John Page ("hyp3rlinx") for reporting this vulnerability to us.
This document was written by Garret Wassermann.
- CVE IDs: CVE-2015-2872, CVE-2015-2873
- Date Public: 18 Aug 2015
- Date First Published: 18 Aug 2015
- Date Last Updated: 18 Aug 2015
- Document Revision: 37