vendor:
Trend Micro Deep Discovery Inspector
by:
John Page aka hyp3rlinx
N/A
CVSS
N/A
Cross Site Request Forgery - CSRF
CWE
Product Name: Trend Micro Deep Discovery Inspector
Affected Version From: 3.7
Affected Version To: 3.8
Patch Exists: YES
Related CWE:
CPE: trendmicro:deep_discovery_inspector
Platforms Tested:
Trend Micro Deep Discovery CSRF Vulnerability
Trend Micro Deep Discovery suffers from multiple CSRF vectors, allowing an authenticated user to modify various settings of the application.
Mitigation:
Trend Micro has released DDI 3.8 SP2. All versions up to version 3.8 SP1 must upgrade to version 3.8 SP2 (Build 3.82.1133) to address this issue.