cvelistv5 - CVE-2016-3987

CVE-2016-3987 (GCVE-0-2016-3987)

Vulnerability from cvelistv5

Published

2016-04-08 16:00

Modified

2024-09-16 16:59

Severity ?

CWE

Summary

The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB.

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

cnvd-2016-02208

Vulnerability from cnvd

Title

Trend Micro Password Manager HTTP服务器任意命令执行漏洞

Description

Trend Micro Password Manager是美国趋势科技（Trend Micro）公司的一套安全的密码管理解决方案。 Trend Micro Password Manager的HTTP服务器中存在安全漏洞，远程攻击者可利用该漏洞执行任意命令。

Severity

高

Patch Name

Trend Micro Password Manager HTTP服务器任意命令执行漏洞的补丁

Patch Description

Trend Micro Password Manager是美国趋势科技（Trend Micro）公司的一套安全的密码管理解决方案。 Trend Micro Password Manager的HTTP服务器中存在安全漏洞，远程攻击者可利用该漏洞执行任意命令。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： http://blog.trendmicro.com/information-on-reported-vulnerabilities-in-trend-micro-password-manager/

Reference

http://blog.trendmicro.com/information-on-reported-vulnerabilities-in-trend-micro-password-manager/ https://www.exploit-db.com/exploits/39218/ https://code.google.com/p/google-security-research/issues/detail?id=693 http://packetstormsecurity.com/files/135222/TrendMicro-Node.js-HTTP-Server-Command-Execution.html

Impacted products

Name
Trend Micro Password Manager

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-3987"
    }
  },
  "description": "Trend Micro Password Manager\u662f\u7f8e\u56fd\u8d8b\u52bf\u79d1\u6280\uff08Trend Micro\uff09\u516c\u53f8\u7684\u4e00\u5957\u5b89\u5168\u7684\u5bc6\u7801\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nTrend Micro Password Manager\u7684HTTP\u670d\u52a1\u5668\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002",
  "discovererName": "Google Security Research",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://blog.trendmicro.com/information-on-reported-vulnerabilities-in-trend-micro-password-manager/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-02208",
  "openTime": "2016-04-15",
  "patchDescription": "Trend Micro Password Manager\u662f\u7f8e\u56fd\u8d8b\u52bf\u79d1\u6280\uff08Trend Micro\uff09\u516c\u53f8\u7684\u4e00\u5957\u5b89\u5168\u7684\u5bc6\u7801\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nTrend Micro Password Manager\u7684HTTP\u670d\u52a1\u5668\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Trend Micro Password Manager HTTP\u670d\u52a1\u5668\u4efb\u610f\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Trend Micro Password Manager"
  },
  "referenceLink": "http://blog.trendmicro.com/information-on-reported-vulnerabilities-in-trend-micro-password-manager/\t\r\nhttps://www.exploit-db.com/exploits/39218/\t\r\nhttps://code.google.com/p/google-security-research/issues/detail?id=693\t\r\nhttp://packetstormsecurity.com/files/135222/TrendMicro-Node.js-HTTP-Server-Command-Execution.html",
  "serverity": "\u9ad8",
  "submitTime": "2016-04-14",
  "title": "Trend Micro Password Manager HTTP\u670d\u52a1\u5668\u4efb\u610f\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e"
}

ghsa-xx4r-v983-p5jq

Vulnerability from github

Published

2022-05-13 01:06

Modified

2025-04-12 12:58

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-3987"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-04-12T02:00:00Z",
    "severity": "CRITICAL"
  },
  "details": "The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB.",
  "id": "GHSA-xx4r-v983-p5jq",
  "modified": "2025-04-12T12:58:23Z",
  "published": "2022-05-13T01:06:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3987"
    },
    {
      "type": "WEB",
      "url": "https://code.google.com/p/google-security-research/issues/detail?id=693"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/39218"
    },
    {
      "type": "WEB",
      "url": "http://blog.trendmicro.com/information-on-reported-vulnerabilities-in-trend-micro-password-manager"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/135222/TrendMicro-Node.js-HTTP-Server-Command-Execution.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1034662"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

fkie_cve-2016-3987

Vulnerability from fkie_nvd

Published

2016-04-12 02:00

Modified

2025-04-12 10:46

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB.

References

URL	Tags
cve@mitre.org	http://blog.trendmicro.com/information-on-reported-vulnerabilities-in-trend-micro-password-manager/	Vendor Advisory
cve@mitre.org	http://packetstormsecurity.com/files/135222/TrendMicro-Node.js-HTTP-Server-Command-Execution.html	Exploit, Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securitytracker.com/id/1034662	Third Party Advisory, VDB Entry
cve@mitre.org	https://code.google.com/p/google-security-research/issues/detail?id=693	Third Party Advisory
cve@mitre.org	https://www.exploit-db.com/exploits/39218/	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://blog.trendmicro.com/information-on-reported-vulnerabilities-in-trend-micro-password-manager/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/135222/TrendMicro-Node.js-HTTP-Server-Command-Execution.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1034662	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://code.google.com/p/google-security-research/issues/detail?id=693	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/39218/	Exploit, Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	trendmicro	password_manager	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:trendmicro:password_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7575875-C2CA-4736-8EC7-05FA6B6D7D58",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB."
    },
    {
      "lang": "es",
      "value": "El servidor HTTP en Trend Micro Password Manager permite a servidores web remotos ejecutar comandos arbitrarios a trav\u00e9s del par\u00e1metro url en (1) api/openUrlInDefaultBrowser o (2) api/showSB."
    }
  ],
  "id": "CVE-2016-3987",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-04-12T02:00:10.430",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://blog.trendmicro.com/information-on-reported-vulnerabilities-in-trend-micro-password-manager/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/135222/TrendMicro-Node.js-HTTP-Server-Command-Execution.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1034662"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://code.google.com/p/google-security-research/issues/detail?id=693"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/39218/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://blog.trendmicro.com/information-on-reported-vulnerabilities-in-trend-micro-password-manager/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/135222/TrendMicro-Node.js-HTTP-Server-Command-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1034662"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://code.google.com/p/google-security-research/issues/detail?id=693"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/39218/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2016-3987

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB.

Aliases

CVE-2016-3987

Aliases

CVE-2016-3987

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-3987",
    "description": "The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB.",
    "id": "GSD-2016-3987"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-3987"
      ],
      "details": "The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB.",
      "id": "GSD-2016-3987",
      "modified": "2023-12-13T01:21:27.361163Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2016-3987",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "39218",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/39218/"
          },
          {
            "name": "http://packetstormsecurity.com/files/135222/TrendMicro-Node.js-HTTP-Server-Command-Execution.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/135222/TrendMicro-Node.js-HTTP-Server-Command-Execution.html"
          },
          {
            "name": "1034662",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1034662"
          },
          {
            "name": "http://blog.trendmicro.com/information-on-reported-vulnerabilities-in-trend-micro-password-manager/",
            "refsource": "CONFIRM",
            "url": "http://blog.trendmicro.com/information-on-reported-vulnerabilities-in-trend-micro-password-manager/"
          },
          {
            "name": "https://code.google.com/p/google-security-research/issues/detail?id=693",
            "refsource": "MISC",
            "url": "https://code.google.com/p/google-security-research/issues/detail?id=693"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:trendmicro:password_manager:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-3987"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-284"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://packetstormsecurity.com/files/135222/TrendMicro-Node.js-HTTP-Server-Command-Execution.html",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/135222/TrendMicro-Node.js-HTTP-Server-Command-Execution.html"
            },
            {
              "name": "https://code.google.com/p/google-security-research/issues/detail?id=693",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://code.google.com/p/google-security-research/issues/detail?id=693"
            },
            {
              "name": "39218",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.exploit-db.com/exploits/39218/"
            },
            {
              "name": "http://blog.trendmicro.com/information-on-reported-vulnerabilities-in-trend-micro-password-manager/",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://blog.trendmicro.com/information-on-reported-vulnerabilities-in-trend-micro-password-manager/"
            },
            {
              "name": "1034662",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1034662"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH"
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-09-09T17:40Z",
      "publishedDate": "2016-04-12T02:00Z"
    }
  }
}

var-201604-0114

Vulnerability from variot

The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. Trend Micro is a global leader in network security software and services, leading the trend from desktop anti-virus to web server and gateway anti-virus with superior forward-looking and technological innovation. It demonstrates the forward-looking trend of Trend Micro with the unique service concept. And leadership. There is a default password management software installed when the user installs Trend Micro anti-virus software on the Windows version, and it is self-starting. There is a loophole in the execution code when multiple http rpc ports of node.js process API requests in the java environment. Allows an attacker to exploit this vulnerability to execute arbitrary code. The program helps users easily access all of their online accounts, and supports the simultaneous management of online credentials across multiple devices in the cloud and more. Attackers can use these vulnerabilities to execute arbitrary commands in the context of an affected application or to leak sensitive information. It has proved the industry's foresight with unique service concepts And leadership

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201604-0114",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "password manager",
        "scope": null,
        "trust": 2.0,
        "vendor": "trend micro",
        "version": null
      },
      {
        "model": "password manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trendmicro",
        "version": null
      },
      {
        "model": "trend micro",
        "scope": null,
        "trust": 0.6,
        "vendor": "trend micro",
        "version": null
      },
      {
        "model": "password manager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "trend micro",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "password manager",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "trend micro",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e06590a6-1e3b-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "215a3f74-1e4d-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "bc0981ba-1e4d-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-02208"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-00272"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-00228"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002096"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-205"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3987"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:trendmicro:password_manager",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002096"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Tavis Ormandy of Google.",
    "sources": [
      {
        "db": "BID",
        "id": "80260"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201601-276"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2016-3987",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2016-3987",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2016-02208",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2016-00272",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2016-00228",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "e06590a6-1e3b-11e6-abef-000c29c66e3d",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "215a3f74-1e4d-11e6-abef-000c29c66e3d",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "bc0981ba-1e4d-11e6-abef-000c29c66e3d",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2016-3987",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2016-3987",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2016-3987",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2016-3987",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2016-02208",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2016-00272",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2016-00228",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201604-205",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "e06590a6-1e3b-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "215a3f74-1e4d-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "bc0981ba-1e4d-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-3987",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e06590a6-1e3b-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "215a3f74-1e4d-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "bc0981ba-1e4d-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-02208"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-00272"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-00228"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-3987"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002096"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-205"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3987"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. Trend Micro is a global leader in network security software and services, leading the trend from desktop anti-virus to web server and gateway anti-virus with superior forward-looking and technological innovation. It demonstrates the forward-looking trend of Trend Micro with the unique service concept. And leadership. There is a default password management software installed when the user installs Trend Micro anti-virus software on the Windows version, and it is self-starting. There is a loophole in the execution code when multiple http rpc ports of node.js process API requests in the java environment. Allows an attacker to exploit this vulnerability to execute arbitrary code. The program helps users easily access all of their online accounts, and supports the simultaneous management of online credentials across multiple devices in the cloud and more. Attackers can use these vulnerabilities to execute arbitrary commands in the context of an affected application or to leak sensitive information. It has proved the industry\u0027s foresight with unique service concepts And leadership",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-3987"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002096"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-02208"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-00272"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-00228"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201601-276"
      },
      {
        "db": "BID",
        "id": "80260"
      },
      {
        "db": "IVD",
        "id": "e06590a6-1e3b-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "215a3f74-1e4d-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "bc0981ba-1e4d-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-3987"
      }
    ],
    "trust": 4.68
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=39218",
        "trust": 0.1,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-3987"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-3987",
        "trust": 3.8
      },
      {
        "db": "EXPLOIT-DB",
        "id": "39218",
        "trust": 2.9
      },
      {
        "db": "PACKETSTORM",
        "id": "135222",
        "trust": 2.3
      },
      {
        "db": "SECTRACK",
        "id": "1034662",
        "trust": 1.7
      },
      {
        "db": "BID",
        "id": "80260",
        "trust": 1.6
      },
      {
        "db": "EXPLOITDB",
        "id": "39218",
        "trust": 1.2
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-205",
        "trust": 1.0
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-02208",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-00272",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-00228",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002096",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201601-276",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "E06590A6-1E3B-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "215A3F74-1E4D-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "BC0981BA-1E4D-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-3987",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e06590a6-1e3b-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "215a3f74-1e4d-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "bc0981ba-1e4d-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-02208"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-00272"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-00228"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-3987"
      },
      {
        "db": "BID",
        "id": "80260"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002096"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201601-276"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-205"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3987"
      }
    ]
  },
  "id": "VAR-201604-0114",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "e06590a6-1e3b-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "215a3f74-1e4d-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "bc0981ba-1e4d-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-02208"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-00272"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-00228"
      }
    ],
    "trust": 0.24
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 2.4
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e06590a6-1e3b-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "215a3f74-1e4d-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "bc0981ba-1e4d-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-02208"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-00272"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-00228"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:56:22.368000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Issue 693",
        "trust": 0.8,
        "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=693\u0026redir=1"
      },
      {
        "title": "Information on Reported Vulnerabilities in Trend Micro Password Manager",
        "trust": 0.8,
        "url": "http://blog.trendmicro.com/information-on-reported-vulnerabilities-in-trend-micro-password-manager/"
      },
      {
        "title": "Trend Micro Password Manager HTTP server arbitrary command execution vulnerability patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/74080"
      },
      {
        "title": "Trend Micro Password Manager has multiple vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/70202"
      },
      {
        "title": "TrendMicro node.js http server arbitrary command execution vulnerability patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/70044"
      },
      {
        "title": "Trend Micro Password Manager HTTP Repair measures for server arbitrary command execution vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60893"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-02208"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-00272"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-00228"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002096"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-205"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-284",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002096"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3987"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.0,
        "url": "https://www.exploit-db.com/exploits/39218/"
      },
      {
        "trust": 2.3,
        "url": "http://blog.trendmicro.com/information-on-reported-vulnerabilities-in-trend-micro-password-manager/"
      },
      {
        "trust": 2.3,
        "url": "https://code.google.com/p/google-security-research/issues/detail?id=693"
      },
      {
        "trust": 2.3,
        "url": "http://packetstormsecurity.com/files/135222/trendmicro-node.js-http-server-command-execution.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1034662"
      },
      {
        "trust": 1.3,
        "url": "http://www.securityfocus.com/bid/80260"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3987"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3987"
      },
      {
        "trust": 0.3,
        "url": "http://www.trend.com"
      },
      {
        "trust": 0.3,
        "url": "http://www.trendmicro.com/us/home/products/software/password-manager/index.html"
      },
      {
        "trust": 0.3,
        "url": "https://code.google.com/p/google-security-research/issues/detail?id=693\u0026can=1\u0026sort=-id"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/284.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-02208"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-00272"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-00228"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-3987"
      },
      {
        "db": "BID",
        "id": "80260"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002096"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201601-276"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-205"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3987"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "e06590a6-1e3b-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "215a3f74-1e4d-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "bc0981ba-1e4d-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-02208"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-00272"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-00228"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-3987"
      },
      {
        "db": "BID",
        "id": "80260"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002096"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201601-276"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-205"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3987"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-04-15T00:00:00",
        "db": "IVD",
        "id": "e06590a6-1e3b-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2016-01-19T00:00:00",
        "db": "IVD",
        "id": "215a3f74-1e4d-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2016-01-15T00:00:00",
        "db": "IVD",
        "id": "bc0981ba-1e4d-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2016-04-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-02208"
      },
      {
        "date": "2016-01-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-00272"
      },
      {
        "date": "2016-01-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-00228"
      },
      {
        "date": "2016-04-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-3987"
      },
      {
        "date": "2016-01-11T00:00:00",
        "db": "BID",
        "id": "80260"
      },
      {
        "date": "2016-04-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-002096"
      },
      {
        "date": "2016-01-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201601-276"
      },
      {
        "date": "2016-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201604-205"
      },
      {
        "date": "2016-04-12T02:00:10.430000",
        "db": "NVD",
        "id": "CVE-2016-3987"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-04-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-02208"
      },
      {
        "date": "2016-01-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-00272"
      },
      {
        "date": "2016-01-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-00228"
      },
      {
        "date": "2016-04-18T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-3987"
      },
      {
        "date": "2016-07-06T14:23:00",
        "db": "BID",
        "id": "80260"
      },
      {
        "date": "2016-04-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-002096"
      },
      {
        "date": "2016-01-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201601-276"
      },
      {
        "date": "2021-09-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201604-205"
      },
      {
        "date": "2024-11-21T02:51:06.057000",
        "db": "NVD",
        "id": "CVE-2016-3987"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201601-276"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-205"
      }
    ],
    "trust": 1.2
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Trend Micro Password Manager HTTP Server arbitrary command execution vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "e06590a6-1e3b-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-02208"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-205"
      }
    ],
    "trust": 1.4
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201601-276"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2016-3987 (GCVE-0-2016-3987)

Vulnerability from cvelistv5

cnvd-2016-02208

Vulnerability from cnvd

ghsa-xx4r-v983-p5jq

Vulnerability from github

fkie_cve-2016-3987

Vulnerability from fkie_nvd

gsd-2016-3987

Vulnerability from gsd

var-201604-0114

Vulnerability from variot

Tags

Sightings

Nomenclature