CVE-2019-15626

NVD

https://nvd.nist.gov/vuln/detail/CVE-2019-15626

CWE

https://cwe.mitre.org/data/definitions/319.html

The Deep Security Manager application (Versions 10.0, 11.0 and 12.0), when configured in a certain way, may transmit initial LDAP communication in clear text. This may result in confidentiality impact but does not impact integrity or availability.

Weakness

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

Affected Software

Name	Vendor	Start Version	End Version
Deep_security	Trendmicro	10.0 (including)	10.0 (including)
Deep_security	Trendmicro	11.0 (including)	11.0 (including)
Deep_security	Trendmicro	12.0 (including)	12.0 (including)

Potential Mitigations

https://cwe.mitre.org/data/definitions/102.html
https://cwe.mitre.org/data/definitions/117.html
https://cwe.mitre.org/data/definitions/383.html
https://cwe.mitre.org/data/definitions/477.html
https://cwe.mitre.org/data/definitions/65.html

References

https://success.trendmicro.com/solution/000149495
https://success.trendmicro.com/solution/000149495

Cleartext Transmission of Sensitive Information

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References