CVE-2015-2873

Published Aug 23, 2015

Last updated 3 years ago

Overview

Description: Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before 3.7.1248, 3.8.x before 3.8.1263, and other versions allows remote attackers to obtain sensitive information or change the configuration via a direct request to the (1) system log URL, (2) whitelist URL, or (3) blacklist URL.
Source: cret@cert.org
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 5.5
Impact score: 4.9
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-425

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:trendmicro:deep_discovery_inspector:3.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BB228DD1-763F-42C7-B945-F70D43A06DEB"
          },
          {
            "criteria": "cpe:2.3:a:trendmicro:deep_discovery_inspector:3.5:*:*:ja:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D43C135C-E449-4047-B7BA-FBFE94E039CE"
          },
          {
            "criteria": "cpe:2.3:a:trendmicro:deep_discovery_inspector:3.5:*:*:zh:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FF163C6A-BFAD-480A-8BD9-818CD04E697B"
          },
          {
            "criteria": "cpe:2.3:a:trendmicro:deep_discovery_inspector:3.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E06CE6E0-B800-409F-B25E-624D0C825B1C"
          },
          {
            "criteria": "cpe:2.3:a:trendmicro:deep_discovery_inspector:3.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B899170A-935B-47C0-85CF-2C240F956F2C"
          },
          {
            "criteria": "cpe:2.3:a:trendmicro:deep_discovery_inspector:3.7:*:*:ja:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0A4FDC52-BBD5-41C8-AD28-C94C9522C3C3"
          },
          {
            "criteria": "cpe:2.3:a:trendmicro:deep_discovery_inspector:3.7:*:*:zh:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A72E2A8-E1CB-4114-B967-A17D4F980860"
          },
          {
            "criteria": "cpe:2.3:a:trendmicro:deep_discovery_inspector:3.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "90741EDC-8C94-4B32-BEFB-25051E3CF8C2"
          },
          {
            "criteria": "cpe:2.3:a:trendmicro:deep_discovery_inspector:3.8:*:*:ja:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B2ED279B-D37C-41C8-BDC3-FB386ADBBF67"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References