Configuration and database backup archives are not signed or validated in Trend Micro Deep Discovery Director 1.1.
7.5CVSS
8AI Score
0.001EPSS
Backup archives were found to be encrypted with a static password across different installations, which suggest the same password may be used in all virtual appliance instances of Trend Micro Deep Discovery Director 1.1.
9.8CVSS
9.5AI Score
0.002EPSS
A command injection vulnerability exists in Trend Micro Deep Discovery Director 1.1 that allows an attacker to restore accounts that can access the pre-configuration console.
9.8CVSS
9.6AI Score
0.002EPSS