CVE-2024-46903

A vulnerability in Trend Micro Deep Discovery Inspector (DDI) versions 5.8 and above could allow an attacker to disclose sensitive information affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://success.trendmicro.com/en-US/solution/KA-0017793	Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-24-1228/	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:trendmicro:deep_discovery_inspector::::::::
	cpe:2.3:a:trendmicro:deep_discovery_inspector:6.6:1078::::::
	cpe:2.3:a:trendmicro:deep_discovery_inspector:6.6:1080::::::
	cpe:2.3:a:trendmicro:deep_discovery_inspector:6.7:1077::::::
	cpe:2.3:a:trendmicro:deep_discovery_inspector:6.7:1086::::::

History

No history.

Information

Published : 2024-10-22 19:15

Updated : 2024-11-01 19:35

NVD link : CVE-2024-46903

Mitre link : CVE-2024-46903

CVE.ORG link : CVE-2024-46903

JSON object : View

Products Affected

trendmicro

deep_discovery_inspector

CWE

NVD-CWE-noinfo CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2024-46903", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@trendmicro.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-10-22T19:15:06.283", "references": [{"url": "https://success.trendmicro.com/en-US/solution/KA-0017793", "tags": ["Vendor Advisory"], "source": "security@trendmicro.com"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1228/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security@trendmicro.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in Trend Micro Deep Discovery Inspector (DDI) versions 5.8 and above could allow an attacker to disclose sensitive information affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."}, {"lang": "es", "value": " Una vulnerabilidad en Trend Micro Deep Discovery Inspector (DDI) versiones 5.8 y posteriores podr\u00eda permitir a un atacante divulgar informaci\u00f3n confidencial de las instalaciones afectadas. Tenga en cuenta que un atacante primero debe obtener la capacidad de ejecutar c\u00f3digo con pocos privilegios en el sistema de destino para poder aprovechar esta vulnerabilidad."}], "lastModified": "2024-11-01T19:35:27.957", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:trendmicro:deep_discovery_inspector:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77ED7D00-6C55-4F2D-A97F-2A8AB569BCF9", "versionEndExcluding": "6.6", "versionStartIncluding": "5.8"}, {"criteria": "cpe:2.3:a:trendmicro:deep_discovery_inspector:6.6:1078:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE216061-F408-439A-90DC-9880010B2D58"}, {"criteria": "cpe:2.3:a:trendmicro:deep_discovery_inspector:6.6:1080:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1E1C9C3-7A9B-4661-BF34-ABECD8A64C83"}, {"criteria": "cpe:2.3:a:trendmicro:deep_discovery_inspector:6.7:1077:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F359F80-0A0A-4A1D-BC4E-3C8C0A2C4063"}, {"criteria": "cpe:2.3:a:trendmicro:deep_discovery_inspector:6.7:1086:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E125CD6-99D1-4C4C-9FB6-ADDBB7EB380D"}], "operator": "OR"}]}], "sourceIdentifier": "security@trendmicro.com"}