Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before 3.7.1248, 3.8.x before 3.8.1263, and other versions allows remote attackers to obtain sensitive information or change the configuration via a direct request to the (1) system log URL, (2) whitelist URL, or (3) blacklist URL.
Weakness
The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Deep_discovery_inspector | Trendmicro | 3.5 (including) | 3.5 (including) |
| Deep_discovery_inspector | Trendmicro | 3.6 (including) | 3.6 (including) |
| Deep_discovery_inspector | Trendmicro | 3.7 (including) | 3.7 (including) |
| Deep_discovery_inspector | Trendmicro | 3.8 (including) | 3.8 (including) |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/127.html
- https://cwe.mitre.org/data/definitions/143.html
- https://cwe.mitre.org/data/definitions/144.html
- https://cwe.mitre.org/data/definitions/668.html
- https://cwe.mitre.org/data/definitions/87.html