Vulnerabilites related to Trend Micro - Trend Micro Deep Discovery Inspector
CVE-2018-15365 (GCVE-0-2018-15365)
Vulnerability from cvelistv5
Published
2018-09-28 17:00
Modified
2024-08-05 09:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Reflected XSS
Summary
A Reflected Cross-Site Scripting (XSS) vulnerability in Trend Micro Deep Discovery Inspector 3.85 and below could allow an attacker to bypass CSRF protection and conduct an attack on vulnerable installations. An attacker must be an authenticated user in order to exploit the vulnerability.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Deep Discovery Inspector |
Version: 3.85 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:54:03.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/1121079"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nixwizard/CVE-2018-15365/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Deep Discovery Inspector",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "3.85"
}
]
}
],
"datePublic": "2018-09-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Reflected Cross-Site Scripting (XSS) vulnerability in Trend Micro Deep Discovery Inspector 3.85 and below could allow an attacker to bypass CSRF protection and conduct an attack on vulnerable installations. An attacker must be an authenticated user in order to exploit the vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Reflected XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-28T16:57:01",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://success.trendmicro.com/solution/1121079"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nixwizard/CVE-2018-15365/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2018-15365",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Deep Discovery Inspector",
"version": {
"version_data": [
{
"version_value": "3.85"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Reflected Cross-Site Scripting (XSS) vulnerability in Trend Micro Deep Discovery Inspector 3.85 and below could allow an attacker to bypass CSRF protection and conduct an attack on vulnerable installations. An attacker must be an authenticated user in order to exploit the vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reflected XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/1121079",
"refsource": "CONFIRM",
"url": "https://success.trendmicro.com/solution/1121079"
},
{
"name": "https://github.com/nixwizard/CVE-2018-15365/",
"refsource": "MISC",
"url": "https://github.com/nixwizard/CVE-2018-15365/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2018-15365",
"datePublished": "2018-09-28T17:00:00",
"dateReserved": "2018-08-16T00:00:00",
"dateUpdated": "2024-08-05T09:54:03.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}