← Back

CVE-2015-2873

nvd nist
Published: Aug 23, 2015Modified: May 6, 2026

JSON object

Loading...
5.5
Vector
AV:N/AC:L/Au:S/C:P/I:P/A:N
Exploitability: 8.0 / Impact: 4.9
Source: NVD

Description

Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before 3.7.1248, 3.8.x before 3.8.1263, and other versions allows remote attackers to obtain sensitive information or change the configuration via a direct request to the (1) system log URL, (2) whitelist URL, or (3) blacklist URL.

Affected (9)

Trendmicro
1 product
Deep Discovery Inspector
Configuration A
9 vulnerable
Vulnerable SoftwareAffected Versions
Trendmicro
Deep Discovery Inspector
Version 3.5
Deep Discovery Inspector
Version 3.5
Deep Discovery Inspector
Version 3.5
Deep Discovery Inspector
Version 3.6
Deep Discovery Inspector
Version 3.7
Deep Discovery Inspector
Version 3.7
Deep Discovery Inspector
Version 3.7
Deep Discovery Inspector
Version 3.8
Deep Discovery Inspector
Version 3.8

Related CWEs

CWE-425
Direct Request ('Forced Browsing')
The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

References (6)

Source: cret@cert.org
PatchVendor Advisory
Source: cret@cert.org
Third Party AdvisoryUS Government Resource
Source: cret@cert.org
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry

Timeline

No history available yet.