Vulnerability Details : CVE-2019-15625
A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information.
Products affected by CVE-2019-15625
- Trendmicro » Password Manager » For WindowsVersions from including (>=) 3.8 and up to, including, (<=) 3.8.0.1103cpe:2.3:a:trendmicro:password_manager:*:*:*:*:*:windows:*:*
- Trendmicro » Password Manager » For MacosVersions from including (>=) 3.8 and up to, including, (<=) 3.8.0.1052cpe:2.3:a:trendmicro:password_manager:*:*:*:*:*:macos:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-15625
0.21%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 44 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-15625
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |
3.9
|
2.9
|
NIST | |
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
1.8
|
3.6
|
NIST |
References for CVE-2019-15625
-
https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123595.aspx
Vendor Advisory
-
https://esupport.trendmicro.com/support/pwm/solution/ja-jp/1123614.aspx
アラート/アドバイザリ:パスワードマネージャーのセキュリティ情報(CVE-2019-15625) | サポート Q&A:トレンドマイクロVendor Advisory
-
https://jvn.jp/en/jp/JVN49593434/index.html
JVN#49593434: Trend Micro Password Manager vulnerable to information disclosureThird Party Advisory
-
https://jvn.jp/jp/JVN49593434/index.html
JVN#49593434: トレンドマイクロ製パスワードマネージャーにおける情報漏えいの脆弱性Third Party Advisory
Jump to