CVE-2019-19696

Name: CVE-2019-19696
Creator: NVD / NIST
Published: 2020-01-18T00:15:12.093+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 5.5/10EPSS 0.47%

Last modified Jun 17, 2026

CVE-2019-19696 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishing sites.. EPSS estimates a 0.47% chance of exploitation in the next 30 days.

Description

A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishing sites.

Metrics

CVSS 3.1

5.5/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Probability

0.47%

37.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-522

Affected Software

Vendor	Product	Versions
Trendmicro	Password Manager	>= 5.0, <= 5.0.0.1076
Trendmicro	Password Manager	>= 5.0, <= 5.0.1047

References

https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124092.aspxVendor Advisory
https://esupport.trendmicro.com/support/pwm/solution/ja-jp/1124091.aspxVendor Advisory
https://jvn.jp/en/jp/JVN37183636/index.htmlThird Party Advisory
https://jvn.jp/jp/JVN37183636/index.htmlThird Party Advisory
https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124092.aspxVendor Advisory
https://esupport.trendmicro.com/support/pwm/solution/ja-jp/1124091.aspxVendor Advisory
https://jvn.jp/en/jp/JVN37183636/index.htmlThird Party Advisory
https://jvn.jp/jp/JVN37183636/index.htmlThird Party Advisory

Timeline

Published: Jan 18, 2020
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2019-19696?

How severe is CVE-2019-19696?

CVE-2019-19696 has a CVSS score of 5.5/10 (MEDIUM severity). The EPSS model estimates a 0.47% probability of exploitation in the next 30 days.

How do I fix CVE-2019-19696?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-19696?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST