CVE-2019-15627

Published: Oct 17, 2019Modified: Nov 21, 2024

7.1

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Exploitability: 1.8 / Impact: 5.2

Source: NVD

Description

Versions 10.0, 11.0 and 12.0 of the Trend Micro Deep Security Agent are vulnerable to an arbitrary file delete attack, which may lead to availability impact. Local OS access is required. Please note that only Windows agents are affected.

Affected (3)

Products: Trendmicro: Deep Security

Trendmicro

1 product

Deep Security

Configuration A

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Trendmicro Deep Security	Version 10.0
Trendmicro Deep Security	Version 11.0
Trendmicro Deep Security	Version 12.0

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

CWE-59

Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (4)

http://packetstormsecurity.com/files/155579/Trend-Micro-Deep-Security-Agent-11-Arbitrary-File-Overwrite.html

Source: security@trendmicro.com

https://success.trendmicro.com/solution/000149495

Source: security@trendmicro.com

Vendor Advisory

http://packetstormsecurity.com/files/155579/Trend-Micro-Deep-Security-Agent-11-Arbitrary-File-Overwrite.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://success.trendmicro.com/solution/000149495

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.