Skip to main content

Deep Discovery Director

3 CVEs product

Monthly

CVE-2017-11381 CRITICAL PATCH Act Now

A command injection vulnerability exists in Trend Micro Deep Discovery Director 1.1 that allows an attacker to restore accounts that can access the pre-configuration console. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 18.5%.

Trend Micro Command Injection Deep Discovery Director
NVD
CVSS 3.0
9.8
EPSS
18.5%
CVE-2017-11380 CRITICAL PATCH Act Now

Backup archives were found to be encrypted with a static password across different installations, which suggest the same password may be used in all virtual appliance instances of Trend Micro Deep. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Trend Micro Authentication Bypass Deep Discovery Director
NVD
CVSS 3.0
9.8
EPSS
0.8%
CVE-2017-11379 HIGH PATCH This Week

Configuration and database backup archives are not signed or validated in Trend Micro Deep Discovery Director 1.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Deep Discovery Director
NVD
CVSS 3.0
7.5
EPSS
0.2%
EPSS 18% CVSS 9.8
CRITICAL PATCH Act Now

A command injection vulnerability exists in Trend Micro Deep Discovery Director 1.1 that allows an attacker to restore accounts that can access the pre-configuration console. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 18.5%.

Trend Micro Command Injection Deep Discovery Director
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Backup archives were found to be encrypted with a static password across different installations, which suggest the same password may be used in all virtual appliance instances of Trend Micro Deep. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Trend Micro Authentication Bypass Deep Discovery Director
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Configuration and database backup archives are not signed or validated in Trend Micro Deep Discovery Director 1.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Deep Discovery Director
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy