Lucene search

[email protected]CVE-2017-14078

HistorySep 22, 2017 - 4:29 p.m.

CVE-2017-14078

2017-09-2216:29:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2017-14078

sql injection

trend micro

mobile security

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.612

Percentile

97.8%

JSON

SQL Injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations.

Affected configurations

NVD

Node

trendmicromobile_securityMatch9.7enterprise

VendorProductVersionCPE
trendmicromobile_security9.7cpe:/a:trendmicro:mobile_security:9.7::enterprise:

Vendor	Product	Version	CPE
trendmicro	mobile_security	9.7	cpe:/a:trendmicro:mobile_security:9.7::enterprise:

CNA Affected

[
  {
    "product": "Mobile Security (Enterprise)",
    "vendor": "Trend Micro",
    "versions": [
      {
        "status": "affected",
        "version": "< 9.7 Patch 3"
      }
    ]
  }
]

References

www.securityfocus.com/bid/100966

www.zerodayinitiative.com/advisories/ZDI-17-739

www.zerodayinitiative.com/advisories/ZDI-17-740

www.zerodayinitiative.com/advisories/ZDI-17-741

www.zerodayinitiative.com/advisories/ZDI-17-742

www.zerodayinitiative.com/advisories/ZDI-17-743

www.zerodayinitiative.com/advisories/ZDI-17-744

www.zerodayinitiative.com/advisories/ZDI-17-745

www.zerodayinitiative.com/advisories/ZDI-17-746

www.zerodayinitiative.com/advisories/ZDI-17-747

www.zerodayinitiative.com/advisories/ZDI-17-748

www.zerodayinitiative.com/advisories/ZDI-17-749

www.zerodayinitiative.com/advisories/ZDI-17-750

www.zerodayinitiative.com/advisories/ZDI-17-751

www.zerodayinitiative.com/advisories/ZDI-17-753

www.zerodayinitiative.com/advisories/ZDI-17-754

www.zerodayinitiative.com/advisories/ZDI-17-755

www.zerodayinitiative.com/advisories/ZDI-17-756

www.zerodayinitiative.com/advisories/ZDI-17-757

www.zerodayinitiative.com/advisories/ZDI-17-758

www.zerodayinitiative.com/advisories/ZDI-17-759

www.zerodayinitiative.com/advisories/ZDI-17-760

www.zerodayinitiative.com/advisories/ZDI-17-761

www.zerodayinitiative.com/advisories/ZDI-17-762

www.zerodayinitiative.com/advisories/ZDI-17-763

www.zerodayinitiative.com/advisories/ZDI-17-764

www.zerodayinitiative.com/advisories/ZDI-17-765

www.zerodayinitiative.com/advisories/ZDI-17-766

www.zerodayinitiative.com/advisories/ZDI-17-768

www.zerodayinitiative.com/advisories/ZDI-17-769

www.zerodayinitiative.com/advisories/ZDI-17-770

www.zerodayinitiative.com/advisories/ZDI-17-771

www.zerodayinitiative.com/advisories/ZDI-17-772

www.zerodayinitiative.com/advisories/ZDI-17-773

www.zerodayinitiative.com/advisories/ZDI-17-775

www.zerodayinitiative.com/advisories/ZDI-17-776

www.zerodayinitiative.com/advisories/ZDI-17-777

www.zerodayinitiative.com/advisories/ZDI-17-778

www.zerodayinitiative.com/advisories/ZDI-17-779

www.zerodayinitiative.com/advisories/ZDI-17-780

www.zerodayinitiative.com/advisories/ZDI-17-781

www.zerodayinitiative.com/advisories/ZDI-17-782

www.zerodayinitiative.com/advisories/ZDI-17-783

www.zerodayinitiative.com/advisories/ZDI-17-784

www.zerodayinitiative.com/advisories/ZDI-17-786

www.zerodayinitiative.com/advisories/ZDI-17-787

www.zerodayinitiative.com/advisories/ZDI-17-788

www.zerodayinitiative.com/advisories/ZDI-17-791

www.zerodayinitiative.com/advisories/ZDI-17-792

www.zerodayinitiative.com/advisories/ZDI-17-793

www.zerodayinitiative.com/advisories/ZDI-17-794

www.zerodayinitiative.com/advisories/ZDI-17-795

www.zerodayinitiative.com/advisories/ZDI-17-796

www.zerodayinitiative.com/advisories/ZDI-17-797

www.zerodayinitiative.com/advisories/ZDI-17-798

www.zerodayinitiative.com/advisories/ZDI-17-799

www.zerodayinitiative.com/advisories/ZDI-17-800

www.zerodayinitiative.com/advisories/ZDI-17-801

www.zerodayinitiative.com/advisories/ZDI-17-802

www.zerodayinitiative.com/advisories/ZDI-17-803

www.zerodayinitiative.com/advisories/ZDI-17-804

www.zerodayinitiative.com/advisories/ZDI-17-805

www.zerodayinitiative.com/advisories/ZDI-17-806

www.zerodayinitiative.com/advisories/ZDI-17-808

www.zerodayinitiative.com/advisories/ZDI-17-809

www.zerodayinitiative.com/advisories/ZDI-17-810

success.trendmicro.com/solution/1118224

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.612

Percentile

97.8%

JSON

Related for CVE-2017-14078

zdi66 checkpoint_advisories3 cvelist1 prion1 nvd1