Vulnerability-Lookup

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

CVE-2018-10512 (GCVE-0-2018-10512)

Vulnerability from nvd – Published: 2018-08-15 19:00 – Updated: 2024-08-05 07:39

Summary

A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to manipulate a reverse proxy .dll on vulnerable installations, which may lead to a denial of server (DoS).

Severity ?

No CVSS data available.

CWE

Insecure Permissions

Assigner

trendmicro

References

URL

Tags

https://success.trendmicro.com/solution/1120112

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Trend Micro	Trend Micro Control Manager	Affected: 6.0 and 7.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:39:08.247Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/1120112"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Control Manager",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "6.0 and 7.0"
            }
          ]
        }
      ],
      "datePublic": "2018-08-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to manipulate a reverse proxy .dll on vulnerable installations, which may lead to a denial of server (DoS)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Insecure Permissions",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-15T18:57:01",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://success.trendmicro.com/solution/1120112"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2018-10512",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Control Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0 and 7.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to manipulate a reverse proxy .dll on vulnerable installations, which may lead to a denial of server (DoS)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Insecure Permissions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/1120112",
              "refsource": "CONFIRM",
              "url": "https://success.trendmicro.com/solution/1120112"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2018-10512",
    "datePublished": "2018-08-15T19:00:00",
    "dateReserved": "2018-04-27T00:00:00",
    "dateUpdated": "2024-08-05T07:39:08.247Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-10511 (GCVE-0-2018-10511)

Vulnerability from nvd – Published: 2018-08-15 19:00 – Updated: 2024-08-05 07:39

Summary

A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to conduct a server-side request forgery (SSRF) attack on vulnerable installations.

Severity ?

No CVSS data available.

CWE

SSRF

Assigner

trendmicro

References

URL

Tags

https://success.trendmicro.com/solution/1120112

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Trend Micro	Trend Micro Control Manager	Affected: 6.0 and 7.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:39:07.679Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/1120112"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Control Manager",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "6.0 and 7.0"
            }
          ]
        }
      ],
      "datePublic": "2018-08-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to conduct a server-side request forgery (SSRF) attack on vulnerable installations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "SSRF",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-15T18:57:01",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://success.trendmicro.com/solution/1120112"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2018-10511",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Control Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0 and 7.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to conduct a server-side request forgery (SSRF) attack on vulnerable installations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "SSRF"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/1120112",
              "refsource": "CONFIRM",
              "url": "https://success.trendmicro.com/solution/1120112"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2018-10511",
    "datePublished": "2018-08-15T19:00:00",
    "dateReserved": "2018-04-27T00:00:00",
    "dateUpdated": "2024-08-05T07:39:07.679Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-10510 (GCVE-0-2018-10510)

Vulnerability from nvd – Published: 2018-08-15 19:00 – Updated: 2024-08-05 07:39

Summary

A Directory Traversal Remote Code Execution vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to execute arbitrary code on vulnerable installations.

Severity ?

No CVSS data available.

CWE

Directory Traversal

Assigner

trendmicro

References

URL

Tags

https://success.trendmicro.com/solution/1120112

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Trend Micro	Trend Micro Control Manager	Affected: 6.0 and 7.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:39:07.994Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/1120112"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Control Manager",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "6.0 and 7.0"
            }
          ]
        }
      ],
      "datePublic": "2018-08-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A Directory Traversal Remote Code Execution vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to execute arbitrary code on vulnerable installations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Directory Traversal",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-15T18:57:01",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://success.trendmicro.com/solution/1120112"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2018-10510",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Control Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0 and 7.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Directory Traversal Remote Code Execution vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to execute arbitrary code on vulnerable installations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Directory Traversal"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/1120112",
              "refsource": "CONFIRM",
              "url": "https://success.trendmicro.com/solution/1120112"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2018-10510",
    "datePublished": "2018-08-15T19:00:00",
    "dateReserved": "2018-04-27T00:00:00",
    "dateUpdated": "2024-08-05T07:39:07.994Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-3607 (GCVE-0-2018-3607)

Vulnerability from nvd – Published: 2018-02-09 22:00 – Updated: 2024-08-05 04:50

Summary

XXXTreeNode method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.

Severity ?

No CVSS data available.

CWE

SQL Injection

Assigner

trendmicro

References

URL

Tags

	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://success.trendmicro.com/solution/1119158	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Trend Micro	Trend Micro Control Manager	Affected: 6.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:50:30.346Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-090/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-094/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-109/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/1119158"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Control Manager",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            }
          ]
        }
      ],
      "datePublic": "2018-01-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "XXXTreeNode method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "SQL Injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-09T21:57:01",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-090/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-094/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-109/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://success.trendmicro.com/solution/1119158"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2018-3607",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Control Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "XXXTreeNode method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-090/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-090/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-094/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-094/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-109/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-109/"
            },
            {
              "name": "https://success.trendmicro.com/solution/1119158",
              "refsource": "CONFIRM",
              "url": "https://success.trendmicro.com/solution/1119158"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2018-3607",
    "datePublished": "2018-02-09T22:00:00",
    "dateReserved": "2017-12-27T00:00:00",
    "dateUpdated": "2024-08-05T04:50:30.346Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-3606 (GCVE-0-2018-3606)

Vulnerability from nvd – Published: 2018-02-09 22:00 – Updated: 2024-08-05 04:50

Summary

XXXStatusXXX, XXXSummary, TemplateXXX and XXXCompliance method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.

Severity ?

No CVSS data available.

CWE

SQL Injection

Assigner

trendmicro

References

URL

Tags

	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://success.trendmicro.com/solution/1119158	x_refsource_CONFIRM
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Trend Micro	Trend Micro Control Manager	Affected: 6.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:50:30.234Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-092/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-085/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-110/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-086/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-091/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-100/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-093/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-103/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-083/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-108/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-106/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-099/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-107/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/1119158"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-105/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-089/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-101/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-104/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Control Manager",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            }
          ]
        }
      ],
      "datePublic": "2018-01-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "XXXStatusXXX, XXXSummary, TemplateXXX and XXXCompliance method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "SQL Injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-09T21:57:01",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-092/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-085/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-110/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-086/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-091/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-100/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-093/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-103/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-083/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-108/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-106/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-099/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-107/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://success.trendmicro.com/solution/1119158"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-105/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-089/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-101/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-104/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2018-3606",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Control Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "XXXStatusXXX, XXXSummary, TemplateXXX and XXXCompliance method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-092/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-092/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-085/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-085/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-110/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-110/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-086/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-086/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-091/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-091/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-100/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-100/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-093/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-093/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-103/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-103/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-083/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-083/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-108/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-108/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-106/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-106/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-099/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-099/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-107/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-107/"
            },
            {
              "name": "https://success.trendmicro.com/solution/1119158",
              "refsource": "CONFIRM",
              "url": "https://success.trendmicro.com/solution/1119158"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-105/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-105/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-089/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-089/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-101/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-101/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-104/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-104/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2018-3606",
    "datePublished": "2018-02-09T22:00:00",
    "dateReserved": "2017-12-27T00:00:00",
    "dateUpdated": "2024-08-05T04:50:30.234Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-3605 (GCVE-0-2018-3605)

Vulnerability from nvd – Published: 2018-02-09 22:00 – Updated: 2024-08-05 04:50

Summary

TopXXX, ViolationXXX, and IncidentXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.

Severity ?

No CVSS data available.

CWE

SQL Injection

Assigner

trendmicro

References

URL

Tags

	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://success.trendmicro.com/solution/1119158	x_refsource_CONFIRM
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Trend Micro	Trend Micro Control Manager	Affected: 6.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:50:30.358Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-081/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-070/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-077/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-080/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-087/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-082/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-072/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-074/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-073/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/1119158"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-078/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-076/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-069/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-079/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-071/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-098/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-075/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Control Manager",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            }
          ]
        }
      ],
      "datePublic": "2018-01-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "TopXXX, ViolationXXX, and IncidentXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "SQL Injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-09T21:57:01",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-081/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-070/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-077/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-080/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-087/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-082/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-072/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-074/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-073/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://success.trendmicro.com/solution/1119158"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-078/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-076/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-069/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-079/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-071/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-098/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-075/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2018-3605",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Control Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "TopXXX, ViolationXXX, and IncidentXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-081/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-081/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-070/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-070/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-077/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-077/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-080/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-080/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-087/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-087/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-082/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-082/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-072/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-072/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-074/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-074/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-073/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-073/"
            },
            {
              "name": "https://success.trendmicro.com/solution/1119158",
              "refsource": "CONFIRM",
              "url": "https://success.trendmicro.com/solution/1119158"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-078/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-078/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-076/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-076/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-069/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-069/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-079/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-079/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-071/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-071/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-098/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-098/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-075/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-075/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2018-3605",
    "datePublished": "2018-02-09T22:00:00",
    "dateReserved": "2017-12-27T00:00:00",
    "dateUpdated": "2024-08-05T04:50:30.358Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-3604 (GCVE-0-2018-3604)

Vulnerability from nvd – Published: 2018-02-09 22:00 – Updated: 2024-08-05 04:50

Summary

GetXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.

Severity ?

No CVSS data available.

CWE

SQL Injection

Assigner

trendmicro

References

URL

Tags

	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://success.trendmicro.com/solution/1119158	x_refsource_CONFIRM
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Trend Micro	Trend Micro Control Manager	Affected: 6.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:50:29.503Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-088/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-084/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-067/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-097/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-102/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-095/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/1119158"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-096/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Control Manager",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            }
          ]
        }
      ],
      "datePublic": "2018-01-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "GetXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "SQL Injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-09T21:57:01",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-088/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-084/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-067/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-097/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-102/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-095/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://success.trendmicro.com/solution/1119158"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-096/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2018-3604",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Control Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "GetXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-088/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-088/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-084/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-084/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-067/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-067/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-097/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-097/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-102/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-102/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-095/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-095/"
            },
            {
              "name": "https://success.trendmicro.com/solution/1119158",
              "refsource": "CONFIRM",
              "url": "https://success.trendmicro.com/solution/1119158"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-096/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-096/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2018-3604",
    "datePublished": "2018-02-09T22:00:00",
    "dateReserved": "2017-12-27T00:00:00",
    "dateUpdated": "2024-08-05T04:50:29.503Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-3603 (GCVE-0-2018-3603)

Vulnerability from nvd – Published: 2018-02-09 22:00 – Updated: 2024-08-05 04:50

Summary

A CGGIServlet SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.

Severity ?

No CVSS data available.

CWE

SQL Injection

Assigner

trendmicro

References

URL

Tags

	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://success.trendmicro.com/solution/1119158	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Trend Micro	Trend Micro Control Manager	Affected: 6.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:50:30.386Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-112/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/1119158"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Control Manager",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            }
          ]
        }
      ],
      "datePublic": "2018-01-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A CGGIServlet SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "SQL Injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-09T21:57:01",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-112/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://success.trendmicro.com/solution/1119158"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2018-3603",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Control Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A CGGIServlet SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-112/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-112/"
            },
            {
              "name": "https://success.trendmicro.com/solution/1119158",
              "refsource": "CONFIRM",
              "url": "https://success.trendmicro.com/solution/1119158"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2018-3603",
    "datePublished": "2018-02-09T22:00:00",
    "dateReserved": "2017-12-27T00:00:00",
    "dateUpdated": "2024-08-05T04:50:30.386Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-3602 (GCVE-0-2018-3602)

Vulnerability from nvd – Published: 2018-02-09 22:00 – Updated: 2024-08-05 04:50

Summary

An AdHocQuery_Processor SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.

Severity ?

No CVSS data available.

CWE

SQL Injection

Assigner

trendmicro

References

URL

Tags

	https://success.trendmicro.com/solution/1119158	x_refsource_CONFIRM
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Trend Micro	Trend Micro Control Manager	Affected: 6.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:50:30.424Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/1119158"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-068/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Control Manager",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            }
          ]
        }
      ],
      "datePublic": "2018-01-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An AdHocQuery_Processor SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "SQL Injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-09T21:57:01",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://success.trendmicro.com/solution/1119158"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-068/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2018-3602",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Control Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An AdHocQuery_Processor SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/1119158",
              "refsource": "CONFIRM",
              "url": "https://success.trendmicro.com/solution/1119158"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-068/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-068/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2018-3602",
    "datePublished": "2018-02-09T22:00:00",
    "dateReserved": "2017-12-27T00:00:00",
    "dateUpdated": "2024-08-05T04:50:30.424Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-3601 (GCVE-0-2018-3601)

Vulnerability from nvd – Published: 2018-02-09 22:00 – Updated: 2024-08-05 04:50

Summary

A password hash usage authentication bypass vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to bypass authentication on vulnerable installations.

Severity ?

No CVSS data available.

CWE

Insecure Permissions

Assigner

trendmicro

References

URL

Tags

	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://success.trendmicro.com/solution/1119158	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Trend Micro	Trend Micro Control Manager	Affected: 6.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:50:30.405Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-113/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/1119158"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Control Manager",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            }
          ]
        }
      ],
      "datePublic": "2018-01-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A password hash usage authentication bypass vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to bypass authentication on vulnerable installations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Insecure Permissions",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-09T21:57:01",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-113/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://success.trendmicro.com/solution/1119158"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2018-3601",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Control Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A password hash usage authentication bypass vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to bypass authentication on vulnerable installations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Insecure Permissions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-113/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-113/"
            },
            {
              "name": "https://success.trendmicro.com/solution/1119158",
              "refsource": "CONFIRM",
              "url": "https://success.trendmicro.com/solution/1119158"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2018-3601",
    "datePublished": "2018-02-09T22:00:00",
    "dateReserved": "2017-12-27T00:00:00",
    "dateUpdated": "2024-08-05T04:50:30.405Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-3600 (GCVE-0-2018-3600)

Vulnerability from nvd – Published: 2018-02-09 22:00 – Updated: 2024-08-05 04:50

Summary

A external entity processing information disclosure (XXE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to disclose sensitive information on vulnerable installations.

Severity ?

No CVSS data available.

CWE

XML External Entity (XXE)

Assigner

trendmicro

References

URL

Tags

	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://success.trendmicro.com/solution/1119158	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Trend Micro	Trend Micro Control Manager	Affected: 6.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:50:30.229Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-111/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/1119158"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Control Manager",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            }
          ]
        }
      ],
      "datePublic": "2018-01-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A external entity processing information disclosure (XXE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to disclose sensitive information on vulnerable installations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "XML External Entity (XXE)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-09T21:57:01",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-111/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://success.trendmicro.com/solution/1119158"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2018-3600",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Control Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A external entity processing information disclosure (XXE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to disclose sensitive information on vulnerable installations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "XML External Entity (XXE)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-111/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-111/"
            },
            {
              "name": "https://success.trendmicro.com/solution/1119158",
              "refsource": "CONFIRM",
              "url": "https://success.trendmicro.com/solution/1119158"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2018-3600",
    "datePublished": "2018-02-09T22:00:00",
    "dateReserved": "2017-12-27T00:00:00",
    "dateUpdated": "2024-08-05T04:50:30.229Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-10512 (GCVE-0-2018-10512)

Vulnerability from cvelistv5 – Published: 2018-08-15 19:00 – Updated: 2024-08-05 07:39

Summary

A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to manipulate a reverse proxy .dll on vulnerable installations, which may lead to a denial of server (DoS).

Severity ?

No CVSS data available.

CWE

Insecure Permissions

Assigner

trendmicro

References

URL

Tags

https://success.trendmicro.com/solution/1120112

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Trend Micro	Trend Micro Control Manager	Affected: 6.0 and 7.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:39:08.247Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/1120112"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Control Manager",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "6.0 and 7.0"
            }
          ]
        }
      ],
      "datePublic": "2018-08-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to manipulate a reverse proxy .dll on vulnerable installations, which may lead to a denial of server (DoS)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Insecure Permissions",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-15T18:57:01",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://success.trendmicro.com/solution/1120112"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2018-10512",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Control Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0 and 7.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to manipulate a reverse proxy .dll on vulnerable installations, which may lead to a denial of server (DoS)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Insecure Permissions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/1120112",
              "refsource": "CONFIRM",
              "url": "https://success.trendmicro.com/solution/1120112"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2018-10512",
    "datePublished": "2018-08-15T19:00:00",
    "dateReserved": "2018-04-27T00:00:00",
    "dateUpdated": "2024-08-05T07:39:08.247Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-10511 (GCVE-0-2018-10511)

Vulnerability from cvelistv5 – Published: 2018-08-15 19:00 – Updated: 2024-08-05 07:39

Summary

A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to conduct a server-side request forgery (SSRF) attack on vulnerable installations.

Severity ?

No CVSS data available.

CWE

SSRF

Assigner

trendmicro

References

URL

Tags

https://success.trendmicro.com/solution/1120112

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Trend Micro	Trend Micro Control Manager	Affected: 6.0 and 7.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:39:07.679Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/1120112"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Control Manager",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "6.0 and 7.0"
            }
          ]
        }
      ],
      "datePublic": "2018-08-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to conduct a server-side request forgery (SSRF) attack on vulnerable installations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "SSRF",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-15T18:57:01",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://success.trendmicro.com/solution/1120112"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2018-10511",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Control Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0 and 7.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to conduct a server-side request forgery (SSRF) attack on vulnerable installations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "SSRF"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/1120112",
              "refsource": "CONFIRM",
              "url": "https://success.trendmicro.com/solution/1120112"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2018-10511",
    "datePublished": "2018-08-15T19:00:00",
    "dateReserved": "2018-04-27T00:00:00",
    "dateUpdated": "2024-08-05T07:39:07.679Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-10510 (GCVE-0-2018-10510)

Vulnerability from cvelistv5 – Published: 2018-08-15 19:00 – Updated: 2024-08-05 07:39

Summary

A Directory Traversal Remote Code Execution vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to execute arbitrary code on vulnerable installations.

Severity ?

No CVSS data available.

CWE

Directory Traversal

Assigner

trendmicro

References

URL

Tags

https://success.trendmicro.com/solution/1120112

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Trend Micro	Trend Micro Control Manager	Affected: 6.0 and 7.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:39:07.994Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/1120112"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Control Manager",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "6.0 and 7.0"
            }
          ]
        }
      ],
      "datePublic": "2018-08-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A Directory Traversal Remote Code Execution vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to execute arbitrary code on vulnerable installations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Directory Traversal",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-15T18:57:01",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://success.trendmicro.com/solution/1120112"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2018-10510",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Control Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0 and 7.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Directory Traversal Remote Code Execution vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to execute arbitrary code on vulnerable installations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Directory Traversal"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/1120112",
              "refsource": "CONFIRM",
              "url": "https://success.trendmicro.com/solution/1120112"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2018-10510",
    "datePublished": "2018-08-15T19:00:00",
    "dateReserved": "2018-04-27T00:00:00",
    "dateUpdated": "2024-08-05T07:39:07.994Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-3600 (GCVE-0-2018-3600)

Vulnerability from cvelistv5 – Published: 2018-02-09 22:00 – Updated: 2024-08-05 04:50

Summary

A external entity processing information disclosure (XXE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to disclose sensitive information on vulnerable installations.

Severity ?

No CVSS data available.

CWE

XML External Entity (XXE)

Assigner

trendmicro

References

URL

Tags

	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://success.trendmicro.com/solution/1119158	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Trend Micro	Trend Micro Control Manager	Affected: 6.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:50:30.229Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-111/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/1119158"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Control Manager",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            }
          ]
        }
      ],
      "datePublic": "2018-01-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A external entity processing information disclosure (XXE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to disclose sensitive information on vulnerable installations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "XML External Entity (XXE)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-09T21:57:01",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-111/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://success.trendmicro.com/solution/1119158"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2018-3600",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Control Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A external entity processing information disclosure (XXE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to disclose sensitive information on vulnerable installations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "XML External Entity (XXE)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-111/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-111/"
            },
            {
              "name": "https://success.trendmicro.com/solution/1119158",
              "refsource": "CONFIRM",
              "url": "https://success.trendmicro.com/solution/1119158"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2018-3600",
    "datePublished": "2018-02-09T22:00:00",
    "dateReserved": "2017-12-27T00:00:00",
    "dateUpdated": "2024-08-05T04:50:30.229Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-3604 (GCVE-0-2018-3604)

Vulnerability from cvelistv5 – Published: 2018-02-09 22:00 – Updated: 2024-08-05 04:50

Summary

GetXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.

Severity ?

No CVSS data available.

CWE

SQL Injection

Assigner

trendmicro

References

URL

Tags

	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://success.trendmicro.com/solution/1119158	x_refsource_CONFIRM
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Trend Micro	Trend Micro Control Manager	Affected: 6.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:50:29.503Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-088/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-084/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-067/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-097/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-102/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-095/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/1119158"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-096/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Control Manager",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            }
          ]
        }
      ],
      "datePublic": "2018-01-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "GetXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "SQL Injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-09T21:57:01",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-088/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-084/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-067/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-097/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-102/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-095/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://success.trendmicro.com/solution/1119158"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-096/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2018-3604",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Control Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "GetXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-088/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-088/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-084/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-084/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-067/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-067/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-097/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-097/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-102/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-102/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-095/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-095/"
            },
            {
              "name": "https://success.trendmicro.com/solution/1119158",
              "refsource": "CONFIRM",
              "url": "https://success.trendmicro.com/solution/1119158"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-096/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-096/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2018-3604",
    "datePublished": "2018-02-09T22:00:00",
    "dateReserved": "2017-12-27T00:00:00",
    "dateUpdated": "2024-08-05T04:50:29.503Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-3605 (GCVE-0-2018-3605)

Vulnerability from cvelistv5 – Published: 2018-02-09 22:00 – Updated: 2024-08-05 04:50

Summary

TopXXX, ViolationXXX, and IncidentXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.

Severity ?

No CVSS data available.

CWE

SQL Injection

Assigner

trendmicro

References

URL

Tags

	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://success.trendmicro.com/solution/1119158	x_refsource_CONFIRM
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Trend Micro	Trend Micro Control Manager	Affected: 6.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:50:30.358Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-081/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-070/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-077/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-080/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-087/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-082/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-072/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-074/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-073/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/1119158"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-078/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-076/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-069/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-079/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-071/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-098/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-075/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Control Manager",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            }
          ]
        }
      ],
      "datePublic": "2018-01-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "TopXXX, ViolationXXX, and IncidentXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "SQL Injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-09T21:57:01",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-081/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-070/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-077/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-080/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-087/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-082/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-072/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-074/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-073/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://success.trendmicro.com/solution/1119158"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-078/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-076/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-069/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-079/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-071/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-098/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-075/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2018-3605",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Control Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "TopXXX, ViolationXXX, and IncidentXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-081/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-081/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-070/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-070/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-077/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-077/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-080/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-080/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-087/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-087/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-082/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-082/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-072/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-072/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-074/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-074/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-073/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-073/"
            },
            {
              "name": "https://success.trendmicro.com/solution/1119158",
              "refsource": "CONFIRM",
              "url": "https://success.trendmicro.com/solution/1119158"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-078/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-078/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-076/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-076/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-069/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-069/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-079/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-079/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-071/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-071/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-098/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-098/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-075/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-075/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2018-3605",
    "datePublished": "2018-02-09T22:00:00",
    "dateReserved": "2017-12-27T00:00:00",
    "dateUpdated": "2024-08-05T04:50:30.358Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-3601 (GCVE-0-2018-3601)

Vulnerability from cvelistv5 – Published: 2018-02-09 22:00 – Updated: 2024-08-05 04:50

Summary

A password hash usage authentication bypass vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to bypass authentication on vulnerable installations.

Severity ?

No CVSS data available.

CWE

Insecure Permissions

Assigner

trendmicro

References

URL

Tags

	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://success.trendmicro.com/solution/1119158	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Trend Micro	Trend Micro Control Manager	Affected: 6.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:50:30.405Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-113/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/1119158"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Control Manager",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            }
          ]
        }
      ],
      "datePublic": "2018-01-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A password hash usage authentication bypass vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to bypass authentication on vulnerable installations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Insecure Permissions",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-09T21:57:01",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-113/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://success.trendmicro.com/solution/1119158"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2018-3601",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Control Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A password hash usage authentication bypass vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to bypass authentication on vulnerable installations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Insecure Permissions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-113/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-113/"
            },
            {
              "name": "https://success.trendmicro.com/solution/1119158",
              "refsource": "CONFIRM",
              "url": "https://success.trendmicro.com/solution/1119158"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2018-3601",
    "datePublished": "2018-02-09T22:00:00",
    "dateReserved": "2017-12-27T00:00:00",
    "dateUpdated": "2024-08-05T04:50:30.405Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-3607 (GCVE-0-2018-3607)

Vulnerability from cvelistv5 – Published: 2018-02-09 22:00 – Updated: 2024-08-05 04:50

Summary

XXXTreeNode method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.

Severity ?

No CVSS data available.

CWE

SQL Injection

Assigner

trendmicro

References

URL

Tags

	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://success.trendmicro.com/solution/1119158	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Trend Micro	Trend Micro Control Manager	Affected: 6.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:50:30.346Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-090/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-094/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-109/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/1119158"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Control Manager",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            }
          ]
        }
      ],
      "datePublic": "2018-01-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "XXXTreeNode method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "SQL Injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-09T21:57:01",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-090/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-094/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-109/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://success.trendmicro.com/solution/1119158"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2018-3607",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Control Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "XXXTreeNode method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-090/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-090/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-094/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-094/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-109/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-109/"
            },
            {
              "name": "https://success.trendmicro.com/solution/1119158",
              "refsource": "CONFIRM",
              "url": "https://success.trendmicro.com/solution/1119158"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2018-3607",
    "datePublished": "2018-02-09T22:00:00",
    "dateReserved": "2017-12-27T00:00:00",
    "dateUpdated": "2024-08-05T04:50:30.346Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-3602 (GCVE-0-2018-3602)

Vulnerability from cvelistv5 – Published: 2018-02-09 22:00 – Updated: 2024-08-05 04:50

Summary

An AdHocQuery_Processor SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.

Severity ?

No CVSS data available.

CWE

SQL Injection

Assigner

trendmicro

References

URL

Tags

	https://success.trendmicro.com/solution/1119158	x_refsource_CONFIRM
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Trend Micro	Trend Micro Control Manager	Affected: 6.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:50:30.424Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/1119158"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-068/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Control Manager",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            }
          ]
        }
      ],
      "datePublic": "2018-01-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An AdHocQuery_Processor SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "SQL Injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-09T21:57:01",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://success.trendmicro.com/solution/1119158"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-068/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2018-3602",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Control Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An AdHocQuery_Processor SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/1119158",
              "refsource": "CONFIRM",
              "url": "https://success.trendmicro.com/solution/1119158"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-068/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-068/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2018-3602",
    "datePublished": "2018-02-09T22:00:00",
    "dateReserved": "2017-12-27T00:00:00",
    "dateUpdated": "2024-08-05T04:50:30.424Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-3606 (GCVE-0-2018-3606)

Vulnerability from cvelistv5 – Published: 2018-02-09 22:00 – Updated: 2024-08-05 04:50

Summary

XXXStatusXXX, XXXSummary, TemplateXXX and XXXCompliance method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.

Severity ?

No CVSS data available.

CWE

SQL Injection

Assigner

trendmicro

References

URL

Tags

	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://success.trendmicro.com/solution/1119158	x_refsource_CONFIRM
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Trend Micro	Trend Micro Control Manager	Affected: 6.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:50:30.234Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-092/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-085/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-110/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-086/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-091/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-100/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-093/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-103/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-083/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-108/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-106/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-099/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-107/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/1119158"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-105/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-089/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-101/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-104/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Control Manager",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            }
          ]
        }
      ],
      "datePublic": "2018-01-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "XXXStatusXXX, XXXSummary, TemplateXXX and XXXCompliance method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "SQL Injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-09T21:57:01",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-092/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-085/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-110/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-086/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-091/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-100/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-093/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-103/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-083/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-108/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-106/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-099/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-107/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://success.trendmicro.com/solution/1119158"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-105/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-089/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-101/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-104/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2018-3606",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Control Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "XXXStatusXXX, XXXSummary, TemplateXXX and XXXCompliance method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-092/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-092/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-085/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-085/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-110/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-110/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-086/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-086/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-091/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-091/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-100/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-100/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-093/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-093/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-103/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-103/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-083/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-083/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-108/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-108/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-106/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-106/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-099/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-099/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-107/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-107/"
            },
            {
              "name": "https://success.trendmicro.com/solution/1119158",
              "refsource": "CONFIRM",
              "url": "https://success.trendmicro.com/solution/1119158"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-105/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-105/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-089/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-089/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-101/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-101/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-104/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-104/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2018-3606",
    "datePublished": "2018-02-09T22:00:00",
    "dateReserved": "2017-12-27T00:00:00",
    "dateUpdated": "2024-08-05T04:50:30.234Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-3603 (GCVE-0-2018-3603)

Vulnerability from cvelistv5 – Published: 2018-02-09 22:00 – Updated: 2024-08-05 04:50

Summary

A CGGIServlet SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.

Severity ?

No CVSS data available.

CWE

SQL Injection

Assigner

trendmicro

References

URL

Tags

	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://success.trendmicro.com/solution/1119158	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Trend Micro	Trend Micro Control Manager	Affected: 6.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:50:30.386Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-112/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/1119158"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Control Manager",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            }
          ]
        }
      ],
      "datePublic": "2018-01-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A CGGIServlet SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "SQL Injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-09T21:57:01",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-112/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://success.trendmicro.com/solution/1119158"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2018-3603",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Control Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A CGGIServlet SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-112/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-112/"
            },
            {
              "name": "https://success.trendmicro.com/solution/1119158",
              "refsource": "CONFIRM",
              "url": "https://success.trendmicro.com/solution/1119158"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2018-3603",
    "datePublished": "2018-02-09T22:00:00",
    "dateReserved": "2017-12-27T00:00:00",
    "dateUpdated": "2024-08-05T04:50:30.386Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Search criteria

22 vulnerabilities found for Trend Micro Control Manager by Trend Micro

CVE-2018-10512 (GCVE-0-2018-10512)

CVE-2018-10511 (GCVE-0-2018-10511)

CVE-2018-10510 (GCVE-0-2018-10510)

CVE-2018-3607 (GCVE-0-2018-3607)

CVE-2018-3606 (GCVE-0-2018-3606)

CVE-2018-3605 (GCVE-0-2018-3605)

CVE-2018-3604 (GCVE-0-2018-3604)

CVE-2018-3603 (GCVE-0-2018-3603)

CVE-2018-3602 (GCVE-0-2018-3602)

CVE-2018-3601 (GCVE-0-2018-3601)

CVE-2018-3600 (GCVE-0-2018-3600)

CVE-2018-10512 (GCVE-0-2018-10512)

CVE-2018-10511 (GCVE-0-2018-10511)

CVE-2018-10510 (GCVE-0-2018-10510)

CVE-2018-3600 (GCVE-0-2018-3600)

CVE-2018-3604 (GCVE-0-2018-3604)

CVE-2018-3605 (GCVE-0-2018-3605)

CVE-2018-3601 (GCVE-0-2018-3601)

CVE-2018-3607 (GCVE-0-2018-3607)

CVE-2018-3602 (GCVE-0-2018-3602)

CVE-2018-3606 (GCVE-0-2018-3606)

CVE-2018-3603 (GCVE-0-2018-3603)