CERTA-2011-AVI-362

Vulnerability from certfr_avis - Published: 2011-06-17 - Updated: 2011-06-17

A cross-site scripting vulnerability affects the Trend Micro Control Manager administration console.

Description

A variable whose content is supplied by the user is not properly filtered by a script of the Trend Micro Control Manager console. A malicious user can exploit this flaw to carry out cross-site scripting (XSS).

Solution

Trend Micro Control Manager 5.5, build 1435 and later, fix this issue. Refer to the vendor's site to obtain the patches (see the Documentation section).

Trend Micro Control Manager 5.5, build 1250.

Other versions may be affected.


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eTrend Micro Control Manager 5.5,  \u003cSPAN class=\"textit\"\u003ebuild\u003c/SPAN\u003e 1250.  \u003cP\u003eD\u0027autres versions peuvent \u00eatre affect\u00e9es.\u003c/P\u003e\u003c/p\u003e",
  "content": "## Description\n\nUne variable dont le contenu est fourni par l\u0027utilisateur n\u0027est pas\nconvenablement filtr\u00e9e par un script de la console Trend Micro Control\nManager. Ce d\u00e9faut est exploitable par un utilisateur malveillant pour\nr\u00e9aliser de l\u0027injection de code indirecte (XSS).\n\n## Solution\n\nTrend Micro Control Manager 5.5, build 1435 et suivant rem\u00e9dient \u00e0 ce\nprobl\u00e8me. Se r\u00e9f\u00e9rer au site de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [],
  "initial_release_date": "2011-06-17T00:00:00",
  "last_revision_date": "2011-06-17T00:00:00",
  "links": [
    {
      "title": "Site produit de l\u0027\u00e9diteur :",
      "url": "http://esupport.trendmicro.com/en-us/enterprise/pages/ppva_trendmicrocontrolmanager50.aspx"
    }
  ],
  "reference": "CERTA-2011-AVI-362",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-06-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance"
    }
  ],
  "summary": "Un vuln\u00e9rabilit\u00e9 de type injection de code indirecte affecte la console\nd\u0027administration Trend Micro Control Manager.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Trend Micro Control Manager",
  "vendor_advisories": []
}

