Vulnerability-Lookup

Search criteria ⓘ Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

Full-Text Search

Vendor

Product

Assigner

Sources

Sort by

Order

Apply ordering (override relevance)

CVE-2018-10512 (GCVE-0-2018-10512)

Vulnerability from cvelistv5 – Published: 2018-08-15 19:00 – Updated: 2024-08-05 07:39

Summary

A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to manipulate a reverse proxy .dll on vulnerable installations, which may lead to a denial of server (DoS).

Severity

No CVSS data available.

CWE

Insecure Permissions

Assigner

trendmicro

References

1 reference

URL	Tags
https://success.trendmicro.com/solution/1120112	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
Trend Micro	Trend Micro Control Manager	Affected: 6.0 and 7.0

Date Public

2018-08-15 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:39:08.247Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/1120112"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Control Manager",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "6.0 and 7.0"
            }
          ]
        }
      ],
      "datePublic": "2018-08-15T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to manipulate a reverse proxy .dll on vulnerable installations, which may lead to a denial of server (DoS)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Insecure Permissions",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-15T18:57:01.000Z",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://success.trendmicro.com/solution/1120112"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2018-10512",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Control Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0 and 7.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to manipulate a reverse proxy .dll on vulnerable installations, which may lead to a denial of server (DoS)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Insecure Permissions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/1120112",
              "refsource": "CONFIRM",
              "url": "https://success.trendmicro.com/solution/1120112"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2018-10512",
    "datePublished": "2018-08-15T19:00:00.000Z",
    "dateReserved": "2018-04-27T00:00:00.000Z",
    "dateUpdated": "2024-08-05T07:39:08.247Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-10511 (GCVE-0-2018-10511)

Vulnerability from cvelistv5 – Published: 2018-08-15 19:00 – Updated: 2024-08-05 07:39

Summary

A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to conduct a server-side request forgery (SSRF) attack on vulnerable installations.

Severity

No CVSS data available.

CWE

SSRF

Assigner

trendmicro

References

1 reference

URL	Tags
https://success.trendmicro.com/solution/1120112	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
Trend Micro	Trend Micro Control Manager	Affected: 6.0 and 7.0

Date Public

2018-08-15 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:39:07.679Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/1120112"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Control Manager",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "6.0 and 7.0"
            }
          ]
        }
      ],
      "datePublic": "2018-08-15T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to conduct a server-side request forgery (SSRF) attack on vulnerable installations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "SSRF",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-15T18:57:01.000Z",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://success.trendmicro.com/solution/1120112"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2018-10511",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Control Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0 and 7.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to conduct a server-side request forgery (SSRF) attack on vulnerable installations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "SSRF"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/1120112",
              "refsource": "CONFIRM",
              "url": "https://success.trendmicro.com/solution/1120112"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2018-10511",
    "datePublished": "2018-08-15T19:00:00.000Z",
    "dateReserved": "2018-04-27T00:00:00.000Z",
    "dateUpdated": "2024-08-05T07:39:07.679Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-10510 (GCVE-0-2018-10510)

Vulnerability from cvelistv5 – Published: 2018-08-15 19:00 – Updated: 2024-08-05 07:39

Summary

A Directory Traversal Remote Code Execution vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to execute arbitrary code on vulnerable installations.

Severity

No CVSS data available.

CWE

Directory Traversal

Assigner

trendmicro

References

1 reference

URL	Tags
https://success.trendmicro.com/solution/1120112	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
Trend Micro	Trend Micro Control Manager	Affected: 6.0 and 7.0

Date Public

2018-08-15 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:39:07.994Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/1120112"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Control Manager",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "6.0 and 7.0"
            }
          ]
        }
      ],
      "datePublic": "2018-08-15T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A Directory Traversal Remote Code Execution vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to execute arbitrary code on vulnerable installations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Directory Traversal",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-15T18:57:01.000Z",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://success.trendmicro.com/solution/1120112"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2018-10510",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Control Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0 and 7.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Directory Traversal Remote Code Execution vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to execute arbitrary code on vulnerable installations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Directory Traversal"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/1120112",
              "refsource": "CONFIRM",
              "url": "https://success.trendmicro.com/solution/1120112"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2018-10510",
    "datePublished": "2018-08-15T19:00:00.000Z",
    "dateReserved": "2018-04-27T00:00:00.000Z",
    "dateUpdated": "2024-08-05T07:39:07.994Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-3602 (GCVE-0-2018-3602)

Vulnerability from cvelistv5 – Published: 2018-02-09 22:00 – Updated: 2024-08-05 04:50

Summary

An AdHocQuery_Processor SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.

Severity

No CVSS data available.

CWE

SQL Injection

Assigner

trendmicro

References

2 references

URL	Tags
https://success.trendmicro.com/solution/1119158	x_refsource_CONFIRM
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
Trend Micro	Trend Micro Control Manager	Affected: 6.0

Date Public

2018-01-10 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:50:30.424Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/1119158"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-068/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Control Manager",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            }
          ]
        }
      ],
      "datePublic": "2018-01-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An AdHocQuery_Processor SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "SQL Injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-09T21:57:01.000Z",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://success.trendmicro.com/solution/1119158"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-068/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2018-3602",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Control Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An AdHocQuery_Processor SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/1119158",
              "refsource": "CONFIRM",
              "url": "https://success.trendmicro.com/solution/1119158"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-068/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-068/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2018-3602",
    "datePublished": "2018-02-09T22:00:00.000Z",
    "dateReserved": "2017-12-27T00:00:00.000Z",
    "dateUpdated": "2024-08-05T04:50:30.424Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-3603 (GCVE-0-2018-3603)

Vulnerability from cvelistv5 – Published: 2018-02-09 22:00 – Updated: 2024-08-05 04:50

Summary

A CGGIServlet SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.

Severity

No CVSS data available.

CWE

SQL Injection

Assigner

trendmicro

References

2 references

URL	Tags
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://success.trendmicro.com/solution/1119158	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
Trend Micro	Trend Micro Control Manager	Affected: 6.0

Date Public

2018-01-10 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:50:30.386Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-112/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/1119158"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Control Manager",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            }
          ]
        }
      ],
      "datePublic": "2018-01-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A CGGIServlet SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "SQL Injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-09T21:57:01.000Z",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-112/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://success.trendmicro.com/solution/1119158"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2018-3603",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Control Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A CGGIServlet SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-112/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-112/"
            },
            {
              "name": "https://success.trendmicro.com/solution/1119158",
              "refsource": "CONFIRM",
              "url": "https://success.trendmicro.com/solution/1119158"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2018-3603",
    "datePublished": "2018-02-09T22:00:00.000Z",
    "dateReserved": "2017-12-27T00:00:00.000Z",
    "dateUpdated": "2024-08-05T04:50:30.386Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-3607 (GCVE-0-2018-3607)

Vulnerability from cvelistv5 – Published: 2018-02-09 22:00 – Updated: 2024-08-05 04:50

Summary

XXXTreeNode method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.

Severity

No CVSS data available.

CWE

SQL Injection

Assigner

trendmicro

References

4 references

URL	Tags
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://success.trendmicro.com/solution/1119158	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
Trend Micro	Trend Micro Control Manager	Affected: 6.0

Date Public

2018-01-10 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:50:30.346Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-090/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-094/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-109/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/1119158"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Control Manager",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            }
          ]
        }
      ],
      "datePublic": "2018-01-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "XXXTreeNode method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "SQL Injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-09T21:57:01.000Z",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-090/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-094/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-109/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://success.trendmicro.com/solution/1119158"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2018-3607",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Control Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "XXXTreeNode method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-090/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-090/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-094/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-094/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-109/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-109/"
            },
            {
              "name": "https://success.trendmicro.com/solution/1119158",
              "refsource": "CONFIRM",
              "url": "https://success.trendmicro.com/solution/1119158"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2018-3607",
    "datePublished": "2018-02-09T22:00:00.000Z",
    "dateReserved": "2017-12-27T00:00:00.000Z",
    "dateUpdated": "2024-08-05T04:50:30.346Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-3600 (GCVE-0-2018-3600)

Vulnerability from cvelistv5 – Published: 2018-02-09 22:00 – Updated: 2024-08-05 04:50

Summary

A external entity processing information disclosure (XXE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to disclose sensitive information on vulnerable installations.

Severity

No CVSS data available.

CWE

XML External Entity (XXE)

Assigner

trendmicro

References

2 references

URL	Tags
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://success.trendmicro.com/solution/1119158	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
Trend Micro	Trend Micro Control Manager	Affected: 6.0

Date Public

2018-01-10 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:50:30.229Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-111/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/1119158"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Control Manager",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            }
          ]
        }
      ],
      "datePublic": "2018-01-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A external entity processing information disclosure (XXE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to disclose sensitive information on vulnerable installations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "XML External Entity (XXE)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-09T21:57:01.000Z",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-111/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://success.trendmicro.com/solution/1119158"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2018-3600",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Control Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A external entity processing information disclosure (XXE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to disclose sensitive information on vulnerable installations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "XML External Entity (XXE)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-111/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-111/"
            },
            {
              "name": "https://success.trendmicro.com/solution/1119158",
              "refsource": "CONFIRM",
              "url": "https://success.trendmicro.com/solution/1119158"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2018-3600",
    "datePublished": "2018-02-09T22:00:00.000Z",
    "dateReserved": "2017-12-27T00:00:00.000Z",
    "dateUpdated": "2024-08-05T04:50:30.229Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-3606 (GCVE-0-2018-3606)

Vulnerability from cvelistv5 – Published: 2018-02-09 22:00 – Updated: 2024-08-05 04:50

Summary

XXXStatusXXX, XXXSummary, TemplateXXX and XXXCompliance method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.

Severity

No CVSS data available.

CWE

SQL Injection

Assigner

trendmicro

References

18 references

URL	Tags
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://success.trendmicro.com/solution/1119158	x_refsource_CONFIRM
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
Trend Micro	Trend Micro Control Manager	Affected: 6.0

Date Public

2018-01-10 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:50:30.234Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-092/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-085/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-110/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-086/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-091/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-100/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-093/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-103/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-083/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-108/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-106/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-099/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-107/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/1119158"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-105/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-089/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-101/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-104/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Control Manager",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            }
          ]
        }
      ],
      "datePublic": "2018-01-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "XXXStatusXXX, XXXSummary, TemplateXXX and XXXCompliance method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "SQL Injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-09T21:57:01.000Z",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-092/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-085/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-110/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-086/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-091/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-100/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-093/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-103/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-083/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-108/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-106/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-099/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-107/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://success.trendmicro.com/solution/1119158"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-105/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-089/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-101/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-104/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2018-3606",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Control Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "XXXStatusXXX, XXXSummary, TemplateXXX and XXXCompliance method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-092/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-092/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-085/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-085/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-110/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-110/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-086/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-086/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-091/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-091/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-100/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-100/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-093/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-093/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-103/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-103/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-083/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-083/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-108/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-108/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-106/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-106/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-099/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-099/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-107/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-107/"
            },
            {
              "name": "https://success.trendmicro.com/solution/1119158",
              "refsource": "CONFIRM",
              "url": "https://success.trendmicro.com/solution/1119158"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-105/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-105/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-089/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-089/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-101/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-101/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-104/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-104/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2018-3606",
    "datePublished": "2018-02-09T22:00:00.000Z",
    "dateReserved": "2017-12-27T00:00:00.000Z",
    "dateUpdated": "2024-08-05T04:50:30.234Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-3604 (GCVE-0-2018-3604)

Vulnerability from cvelistv5 – Published: 2018-02-09 22:00 – Updated: 2024-08-05 04:50

Summary

GetXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.

Severity

No CVSS data available.

CWE

SQL Injection

Assigner

trendmicro

References

8 references

URL	Tags
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://success.trendmicro.com/solution/1119158	x_refsource_CONFIRM
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
Trend Micro	Trend Micro Control Manager	Affected: 6.0

Date Public

2018-01-10 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:50:29.503Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-088/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-084/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-067/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-097/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-102/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-095/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/1119158"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-096/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Control Manager",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            }
          ]
        }
      ],
      "datePublic": "2018-01-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "GetXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "SQL Injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-09T21:57:01.000Z",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-088/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-084/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-067/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-097/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-102/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-095/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://success.trendmicro.com/solution/1119158"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-096/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2018-3604",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Control Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "GetXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-088/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-088/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-084/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-084/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-067/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-067/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-097/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-097/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-102/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-102/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-095/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-095/"
            },
            {
              "name": "https://success.trendmicro.com/solution/1119158",
              "refsource": "CONFIRM",
              "url": "https://success.trendmicro.com/solution/1119158"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-096/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-096/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2018-3604",
    "datePublished": "2018-02-09T22:00:00.000Z",
    "dateReserved": "2017-12-27T00:00:00.000Z",
    "dateUpdated": "2024-08-05T04:50:29.503Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-3601 (GCVE-0-2018-3601)

Vulnerability from cvelistv5 – Published: 2018-02-09 22:00 – Updated: 2024-08-05 04:50

Summary

A password hash usage authentication bypass vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to bypass authentication on vulnerable installations.

Severity

No CVSS data available.

CWE

Insecure Permissions

Assigner

trendmicro

References

2 references

URL	Tags
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://success.trendmicro.com/solution/1119158	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
Trend Micro	Trend Micro Control Manager	Affected: 6.0

Date Public

2018-01-10 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:50:30.405Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-113/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/1119158"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Control Manager",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            }
          ]
        }
      ],
      "datePublic": "2018-01-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A password hash usage authentication bypass vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to bypass authentication on vulnerable installations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Insecure Permissions",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-09T21:57:01.000Z",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-113/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://success.trendmicro.com/solution/1119158"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2018-3601",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Control Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A password hash usage authentication bypass vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to bypass authentication on vulnerable installations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Insecure Permissions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-113/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-113/"
            },
            {
              "name": "https://success.trendmicro.com/solution/1119158",
              "refsource": "CONFIRM",
              "url": "https://success.trendmicro.com/solution/1119158"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2018-3601",
    "datePublished": "2018-02-09T22:00:00.000Z",
    "dateReserved": "2017-12-27T00:00:00.000Z",
    "dateUpdated": "2024-08-05T04:50:30.405Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-3605 (GCVE-0-2018-3605)

Vulnerability from cvelistv5 – Published: 2018-02-09 22:00 – Updated: 2024-08-05 04:50

Summary

TopXXX, ViolationXXX, and IncidentXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.

Severity

No CVSS data available.

CWE

SQL Injection

Assigner

trendmicro

References

17 references

URL	Tags
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://success.trendmicro.com/solution/1119158	x_refsource_CONFIRM
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
Trend Micro	Trend Micro Control Manager	Affected: 6.0

Date Public

2018-01-10 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:50:30.358Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-081/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-070/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-077/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-080/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-087/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-082/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-072/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-074/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-073/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/1119158"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-078/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-076/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-069/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-079/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-071/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-098/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-075/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Control Manager",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            }
          ]
        }
      ],
      "datePublic": "2018-01-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "TopXXX, ViolationXXX, and IncidentXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "SQL Injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-09T21:57:01.000Z",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-081/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-070/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-077/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-080/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-087/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-082/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-072/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-074/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-073/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://success.trendmicro.com/solution/1119158"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-078/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-076/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-069/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-079/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-071/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-098/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-075/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2018-3605",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Control Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "TopXXX, ViolationXXX, and IncidentXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-081/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-081/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-070/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-070/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-077/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-077/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-080/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-080/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-087/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-087/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-082/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-082/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-072/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-072/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-074/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-074/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-073/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-073/"
            },
            {
              "name": "https://success.trendmicro.com/solution/1119158",
              "refsource": "CONFIRM",
              "url": "https://success.trendmicro.com/solution/1119158"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-078/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-078/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-076/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-076/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-069/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-069/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-079/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-079/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-071/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-071/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-098/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-098/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-075/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-075/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2018-3605",
    "datePublished": "2018-02-09T22:00:00.000Z",
    "dateReserved": "2017-12-27T00:00:00.000Z",
    "dateUpdated": "2024-08-05T04:50:30.358Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-10512 (GCVE-0-2018-10512)

Vulnerability from nvd – Published: 2018-08-15 19:00 – Updated: 2024-08-05 07:39

Summary

A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to manipulate a reverse proxy .dll on vulnerable installations, which may lead to a denial of server (DoS).

Severity

No CVSS data available.

CWE

Insecure Permissions

Assigner

trendmicro

References

1 reference

URL	Tags
https://success.trendmicro.com/solution/1120112	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
Trend Micro	Trend Micro Control Manager	Affected: 6.0 and 7.0

Date Public

2018-08-15 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:39:08.247Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/1120112"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Control Manager",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "6.0 and 7.0"
            }
          ]
        }
      ],
      "datePublic": "2018-08-15T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to manipulate a reverse proxy .dll on vulnerable installations, which may lead to a denial of server (DoS)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Insecure Permissions",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-15T18:57:01.000Z",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://success.trendmicro.com/solution/1120112"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2018-10512",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Control Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0 and 7.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to manipulate a reverse proxy .dll on vulnerable installations, which may lead to a denial of server (DoS)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Insecure Permissions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/1120112",
              "refsource": "CONFIRM",
              "url": "https://success.trendmicro.com/solution/1120112"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2018-10512",
    "datePublished": "2018-08-15T19:00:00.000Z",
    "dateReserved": "2018-04-27T00:00:00.000Z",
    "dateUpdated": "2024-08-05T07:39:08.247Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-10511 (GCVE-0-2018-10511)

Vulnerability from nvd – Published: 2018-08-15 19:00 – Updated: 2024-08-05 07:39

Summary

A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to conduct a server-side request forgery (SSRF) attack on vulnerable installations.

Severity

No CVSS data available.

CWE

SSRF

Assigner

trendmicro

References

1 reference

URL	Tags
https://success.trendmicro.com/solution/1120112	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
Trend Micro	Trend Micro Control Manager	Affected: 6.0 and 7.0

Date Public

2018-08-15 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:39:07.679Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/1120112"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Control Manager",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "6.0 and 7.0"
            }
          ]
        }
      ],
      "datePublic": "2018-08-15T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to conduct a server-side request forgery (SSRF) attack on vulnerable installations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "SSRF",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-15T18:57:01.000Z",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://success.trendmicro.com/solution/1120112"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2018-10511",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Control Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0 and 7.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to conduct a server-side request forgery (SSRF) attack on vulnerable installations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "SSRF"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/1120112",
              "refsource": "CONFIRM",
              "url": "https://success.trendmicro.com/solution/1120112"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2018-10511",
    "datePublished": "2018-08-15T19:00:00.000Z",
    "dateReserved": "2018-04-27T00:00:00.000Z",
    "dateUpdated": "2024-08-05T07:39:07.679Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-10510 (GCVE-0-2018-10510)

Vulnerability from nvd – Published: 2018-08-15 19:00 – Updated: 2024-08-05 07:39

Summary

A Directory Traversal Remote Code Execution vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to execute arbitrary code on vulnerable installations.

Severity

No CVSS data available.

CWE

Directory Traversal

Assigner

trendmicro

References

1 reference

URL	Tags
https://success.trendmicro.com/solution/1120112	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
Trend Micro	Trend Micro Control Manager	Affected: 6.0 and 7.0

Date Public

2018-08-15 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:39:07.994Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/1120112"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Control Manager",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "6.0 and 7.0"
            }
          ]
        }
      ],
      "datePublic": "2018-08-15T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A Directory Traversal Remote Code Execution vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to execute arbitrary code on vulnerable installations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Directory Traversal",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-15T18:57:01.000Z",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://success.trendmicro.com/solution/1120112"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2018-10510",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Control Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0 and 7.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Directory Traversal Remote Code Execution vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to execute arbitrary code on vulnerable installations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Directory Traversal"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/1120112",
              "refsource": "CONFIRM",
              "url": "https://success.trendmicro.com/solution/1120112"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2018-10510",
    "datePublished": "2018-08-15T19:00:00.000Z",
    "dateReserved": "2018-04-27T00:00:00.000Z",
    "dateUpdated": "2024-08-05T07:39:07.994Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-3602 (GCVE-0-2018-3602)

Vulnerability from nvd – Published: 2018-02-09 22:00 – Updated: 2024-08-05 04:50

Summary

An AdHocQuery_Processor SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.

Severity

No CVSS data available.

CWE

SQL Injection

Assigner

trendmicro

References

2 references

URL	Tags
https://success.trendmicro.com/solution/1119158	x_refsource_CONFIRM
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
Trend Micro	Trend Micro Control Manager	Affected: 6.0

Date Public

2018-01-10 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:50:30.424Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/1119158"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-068/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Control Manager",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            }
          ]
        }
      ],
      "datePublic": "2018-01-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An AdHocQuery_Processor SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "SQL Injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-09T21:57:01.000Z",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://success.trendmicro.com/solution/1119158"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-068/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2018-3602",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Control Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An AdHocQuery_Processor SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/1119158",
              "refsource": "CONFIRM",
              "url": "https://success.trendmicro.com/solution/1119158"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-068/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-068/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2018-3602",
    "datePublished": "2018-02-09T22:00:00.000Z",
    "dateReserved": "2017-12-27T00:00:00.000Z",
    "dateUpdated": "2024-08-05T04:50:30.424Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-3603 (GCVE-0-2018-3603)

Vulnerability from nvd – Published: 2018-02-09 22:00 – Updated: 2024-08-05 04:50

Summary

A CGGIServlet SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.

Severity

No CVSS data available.

CWE

SQL Injection

Assigner

trendmicro

References

2 references

URL	Tags
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://success.trendmicro.com/solution/1119158	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
Trend Micro	Trend Micro Control Manager	Affected: 6.0

Date Public

2018-01-10 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:50:30.386Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-112/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/1119158"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Control Manager",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            }
          ]
        }
      ],
      "datePublic": "2018-01-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A CGGIServlet SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "SQL Injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-09T21:57:01.000Z",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-112/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://success.trendmicro.com/solution/1119158"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2018-3603",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Control Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A CGGIServlet SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-112/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-112/"
            },
            {
              "name": "https://success.trendmicro.com/solution/1119158",
              "refsource": "CONFIRM",
              "url": "https://success.trendmicro.com/solution/1119158"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2018-3603",
    "datePublished": "2018-02-09T22:00:00.000Z",
    "dateReserved": "2017-12-27T00:00:00.000Z",
    "dateUpdated": "2024-08-05T04:50:30.386Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-3607 (GCVE-0-2018-3607)

Vulnerability from nvd – Published: 2018-02-09 22:00 – Updated: 2024-08-05 04:50

Summary

XXXTreeNode method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.

Severity

No CVSS data available.

CWE

SQL Injection

Assigner

trendmicro

References

4 references

URL	Tags
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://success.trendmicro.com/solution/1119158	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
Trend Micro	Trend Micro Control Manager	Affected: 6.0

Date Public

2018-01-10 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:50:30.346Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-090/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-094/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-109/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/1119158"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Control Manager",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            }
          ]
        }
      ],
      "datePublic": "2018-01-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "XXXTreeNode method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "SQL Injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-09T21:57:01.000Z",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-090/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-094/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-109/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://success.trendmicro.com/solution/1119158"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2018-3607",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Control Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "XXXTreeNode method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-090/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-090/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-094/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-094/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-109/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-109/"
            },
            {
              "name": "https://success.trendmicro.com/solution/1119158",
              "refsource": "CONFIRM",
              "url": "https://success.trendmicro.com/solution/1119158"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2018-3607",
    "datePublished": "2018-02-09T22:00:00.000Z",
    "dateReserved": "2017-12-27T00:00:00.000Z",
    "dateUpdated": "2024-08-05T04:50:30.346Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-3600 (GCVE-0-2018-3600)

Vulnerability from nvd – Published: 2018-02-09 22:00 – Updated: 2024-08-05 04:50

Summary

A external entity processing information disclosure (XXE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to disclose sensitive information on vulnerable installations.

Severity

No CVSS data available.

CWE

XML External Entity (XXE)

Assigner

trendmicro

References

2 references

URL	Tags
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://success.trendmicro.com/solution/1119158	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
Trend Micro	Trend Micro Control Manager	Affected: 6.0

Date Public

2018-01-10 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:50:30.229Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-111/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/1119158"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Control Manager",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            }
          ]
        }
      ],
      "datePublic": "2018-01-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A external entity processing information disclosure (XXE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to disclose sensitive information on vulnerable installations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "XML External Entity (XXE)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-09T21:57:01.000Z",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-111/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://success.trendmicro.com/solution/1119158"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2018-3600",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Control Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A external entity processing information disclosure (XXE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to disclose sensitive information on vulnerable installations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "XML External Entity (XXE)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-111/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-111/"
            },
            {
              "name": "https://success.trendmicro.com/solution/1119158",
              "refsource": "CONFIRM",
              "url": "https://success.trendmicro.com/solution/1119158"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2018-3600",
    "datePublished": "2018-02-09T22:00:00.000Z",
    "dateReserved": "2017-12-27T00:00:00.000Z",
    "dateUpdated": "2024-08-05T04:50:30.229Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-3606 (GCVE-0-2018-3606)

Vulnerability from nvd – Published: 2018-02-09 22:00 – Updated: 2024-08-05 04:50

Summary

XXXStatusXXX, XXXSummary, TemplateXXX and XXXCompliance method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.

Severity

No CVSS data available.

CWE

SQL Injection

Assigner

trendmicro

References

18 references

URL	Tags
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://success.trendmicro.com/solution/1119158	x_refsource_CONFIRM
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
Trend Micro	Trend Micro Control Manager	Affected: 6.0

Date Public

2018-01-10 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:50:30.234Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-092/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-085/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-110/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-086/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-091/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-100/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-093/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-103/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-083/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-108/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-106/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-099/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-107/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/1119158"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-105/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-089/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-101/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-104/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Control Manager",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            }
          ]
        }
      ],
      "datePublic": "2018-01-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "XXXStatusXXX, XXXSummary, TemplateXXX and XXXCompliance method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "SQL Injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-09T21:57:01.000Z",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-092/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-085/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-110/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-086/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-091/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-100/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-093/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-103/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-083/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-108/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-106/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-099/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-107/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://success.trendmicro.com/solution/1119158"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-105/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-089/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-101/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-104/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2018-3606",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Control Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "XXXStatusXXX, XXXSummary, TemplateXXX and XXXCompliance method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-092/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-092/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-085/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-085/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-110/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-110/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-086/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-086/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-091/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-091/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-100/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-100/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-093/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-093/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-103/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-103/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-083/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-083/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-108/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-108/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-106/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-106/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-099/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-099/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-107/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-107/"
            },
            {
              "name": "https://success.trendmicro.com/solution/1119158",
              "refsource": "CONFIRM",
              "url": "https://success.trendmicro.com/solution/1119158"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-105/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-105/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-089/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-089/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-101/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-101/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-104/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-104/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2018-3606",
    "datePublished": "2018-02-09T22:00:00.000Z",
    "dateReserved": "2017-12-27T00:00:00.000Z",
    "dateUpdated": "2024-08-05T04:50:30.234Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-3604 (GCVE-0-2018-3604)

Vulnerability from nvd – Published: 2018-02-09 22:00 – Updated: 2024-08-05 04:50

Summary

GetXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.

Severity

No CVSS data available.

CWE

SQL Injection

Assigner

trendmicro

References

8 references

URL	Tags
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://success.trendmicro.com/solution/1119158	x_refsource_CONFIRM
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
Trend Micro	Trend Micro Control Manager	Affected: 6.0

Date Public

2018-01-10 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:50:29.503Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-088/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-084/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-067/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-097/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-102/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-095/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/1119158"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-096/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Control Manager",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            }
          ]
        }
      ],
      "datePublic": "2018-01-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "GetXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "SQL Injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-09T21:57:01.000Z",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-088/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-084/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-067/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-097/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-102/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-095/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://success.trendmicro.com/solution/1119158"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-096/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2018-3604",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Control Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "GetXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-088/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-088/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-084/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-084/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-067/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-067/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-097/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-097/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-102/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-102/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-095/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-095/"
            },
            {
              "name": "https://success.trendmicro.com/solution/1119158",
              "refsource": "CONFIRM",
              "url": "https://success.trendmicro.com/solution/1119158"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-096/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-096/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2018-3604",
    "datePublished": "2018-02-09T22:00:00.000Z",
    "dateReserved": "2017-12-27T00:00:00.000Z",
    "dateUpdated": "2024-08-05T04:50:29.503Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-3601 (GCVE-0-2018-3601)

Vulnerability from nvd – Published: 2018-02-09 22:00 – Updated: 2024-08-05 04:50

Summary

A password hash usage authentication bypass vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to bypass authentication on vulnerable installations.

Severity

No CVSS data available.

CWE

Insecure Permissions

Assigner

trendmicro

References

2 references

URL	Tags
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://success.trendmicro.com/solution/1119158	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
Trend Micro	Trend Micro Control Manager	Affected: 6.0

Date Public

2018-01-10 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:50:30.405Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-113/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/1119158"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Control Manager",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            }
          ]
        }
      ],
      "datePublic": "2018-01-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A password hash usage authentication bypass vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to bypass authentication on vulnerable installations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Insecure Permissions",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-09T21:57:01.000Z",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-113/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://success.trendmicro.com/solution/1119158"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2018-3601",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Control Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A password hash usage authentication bypass vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to bypass authentication on vulnerable installations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Insecure Permissions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-113/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-113/"
            },
            {
              "name": "https://success.trendmicro.com/solution/1119158",
              "refsource": "CONFIRM",
              "url": "https://success.trendmicro.com/solution/1119158"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2018-3601",
    "datePublished": "2018-02-09T22:00:00.000Z",
    "dateReserved": "2017-12-27T00:00:00.000Z",
    "dateUpdated": "2024-08-05T04:50:30.405Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-3605 (GCVE-0-2018-3605)

Vulnerability from nvd – Published: 2018-02-09 22:00 – Updated: 2024-08-05 04:50

Summary

TopXXX, ViolationXXX, and IncidentXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.

Severity

No CVSS data available.

CWE

SQL Injection

Assigner

trendmicro

References

17 references

URL	Tags
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://success.trendmicro.com/solution/1119158	x_refsource_CONFIRM
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
Trend Micro	Trend Micro Control Manager	Affected: 6.0

Date Public

2018-01-10 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:50:30.358Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-081/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-070/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-077/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-080/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-087/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-082/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-072/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-074/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-073/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/1119158"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-078/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-076/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-069/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-079/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-071/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-098/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-075/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Control Manager",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            }
          ]
        }
      ],
      "datePublic": "2018-01-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "TopXXX, ViolationXXX, and IncidentXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "SQL Injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-09T21:57:01.000Z",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-081/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-070/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-077/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-080/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-087/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-082/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-072/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-074/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-073/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://success.trendmicro.com/solution/1119158"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-078/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-076/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-069/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-079/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-071/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-098/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-075/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2018-3605",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Control Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "TopXXX, ViolationXXX, and IncidentXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-081/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-081/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-070/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-070/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-077/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-077/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-080/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-080/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-087/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-087/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-082/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-082/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-072/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-072/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-074/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-074/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-073/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-073/"
            },
            {
              "name": "https://success.trendmicro.com/solution/1119158",
              "refsource": "CONFIRM",
              "url": "https://success.trendmicro.com/solution/1119158"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-078/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-078/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-076/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-076/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-069/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-069/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-079/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-079/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-071/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-071/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-098/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-098/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-075/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-075/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2018-3605",
    "datePublished": "2018-02-09T22:00:00.000Z",
    "dateReserved": "2017-12-27T00:00:00.000Z",
    "dateUpdated": "2024-08-05T04:50:30.358Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Find a vulnerability

Search criteria ⓘ Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

22 vulnerabilities found for Trend Micro Control Manager by Trend Micro

CVE-2018-10512 (GCVE-0-2018-10512)

CVE-2018-10511 (GCVE-0-2018-10511)

CVE-2018-10510 (GCVE-0-2018-10510)

CVE-2018-3602 (GCVE-0-2018-3602)

CVE-2018-3603 (GCVE-0-2018-3603)

CVE-2018-3607 (GCVE-0-2018-3607)

CVE-2018-3600 (GCVE-0-2018-3600)

CVE-2018-3606 (GCVE-0-2018-3606)

CVE-2018-3604 (GCVE-0-2018-3604)

CVE-2018-3601 (GCVE-0-2018-3601)

CVE-2018-3605 (GCVE-0-2018-3605)

CVE-2018-10512 (GCVE-0-2018-10512)

CVE-2018-10511 (GCVE-0-2018-10511)

CVE-2018-10510 (GCVE-0-2018-10510)

CVE-2018-3602 (GCVE-0-2018-3602)

CVE-2018-3603 (GCVE-0-2018-3603)

CVE-2018-3607 (GCVE-0-2018-3607)

CVE-2018-3600 (GCVE-0-2018-3600)

CVE-2018-3606 (GCVE-0-2018-3606)

CVE-2018-3604 (GCVE-0-2018-3604)

CVE-2018-3601 (GCVE-0-2018-3601)

CVE-2018-3605 (GCVE-0-2018-3605)

Find a vulnerability

Search criteria ⓘ Use this form to refine search results. Full-text search supports keyword queries with ranking and filtering. You can combine vendor, product, and sources to narrow results. Enable “Apply ordering” to sort by date instead of relevance.

22 vulnerabilities found for Trend Micro Control Manager by Trend Micro

CVE-2018-10512 (GCVE-0-2018-10512)

CVE-2018-10511 (GCVE-0-2018-10511)

CVE-2018-10510 (GCVE-0-2018-10510)

CVE-2018-3602 (GCVE-0-2018-3602)

CVE-2018-3603 (GCVE-0-2018-3603)

CVE-2018-3607 (GCVE-0-2018-3607)

CVE-2018-3600 (GCVE-0-2018-3600)

CVE-2018-3606 (GCVE-0-2018-3606)

CVE-2018-3604 (GCVE-0-2018-3604)

CVE-2018-3601 (GCVE-0-2018-3601)

CVE-2018-3605 (GCVE-0-2018-3605)

CVE-2018-10512 (GCVE-0-2018-10512)

CVE-2018-10511 (GCVE-0-2018-10511)

CVE-2018-10510 (GCVE-0-2018-10510)

CVE-2018-3602 (GCVE-0-2018-3602)

CVE-2018-3603 (GCVE-0-2018-3603)

CVE-2018-3607 (GCVE-0-2018-3607)

CVE-2018-3600 (GCVE-0-2018-3600)

CVE-2018-3606 (GCVE-0-2018-3606)

CVE-2018-3604 (GCVE-0-2018-3604)

CVE-2018-3601 (GCVE-0-2018-3601)

CVE-2018-3605 (GCVE-0-2018-3605)

Search criteria ⓘ Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.