19 matches found
CVE-2018-3602
An AdHocQueryProcessor SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations...
SQL injection
A CGGIServlet SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations...
SQL injection
An AdHocQueryProcessor SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations...
SQL injection
GetXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations...
SQL injection
XXXStatusXXX, XXXSummary, TemplateXXX and XXXCompliance method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations...
CVE-2018-3603
Trend Micro Control Manager 6.0 contains a CGGIServlet SQL injection that allows remote code execution. The ZDI advisory specifies the vulnerability in the ID_QUERY_COMMAND_TRACKING_USER_ID parameter, where improper input validation enables arbitrary code execution under the Network Service accou...
CVE-2018-3600
An external entity processing information disclosure (XXE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to disclose sensitive information on vulnerable installations...
CVE-2018-3602
The CVE-2018-3602 issue affects Trend Micro Control Manager 6.0 via an AdHocQuery_Processor SQL Injection that enables remote code execution. The root cause is improper validation of a user-supplied string used to build SQL queries within the GetProductCategory method of the AdHocQuery_Processor ...
CVE-2018-3605
Concrete details available: Multiple SQL injection-based RCE vulnerabilities exist in Trend Micro Control Manager 6.0. Reports from ZDI describe flaws where user-supplied strings are not properly validated in the reporting servlet, enabling remote code execution. Affected methods include TopSensi...
CVE-2018-3601
A password hash usage authentication bypass vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to bypass authentication on vulnerable installations...
CVE-2018-3601
CVE-2018-3601 affects Trend Micro Control Manager 6.0, where a password hash usage authentication bypass allows remote attackers to bypass authentication on vulnerable installations. Multiple connected sources (NVD/CNVD/ZDI) confirm the flaw arises in how authentication challenges are handled, en...
CVE-2017-11387
Authentication Bypass in Trend Micro Control Manager 6.0 causes Information Disclosure when authentication validation is not done for functionality that can change debug logging level. Formerly ZDI-CAN-4512...
SQL injection
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x3b21 due to lack of proper user input validation in mdHandlerLicenseManager.dll. Formerly ZDI-CAN-4561...
CVE-2017-11383
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x1b07 due to lack of proper user input validation in cmdHandlerTVCSCommander.dll. Formerly ZDI-CAN-4560...
SQL injection
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x6b1b due to lack of proper user input validation in cmdHandlerStatusMonitor.dll. Formerly ZDI-CAN-4545...
CVE-2017-11385
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x6b1b due to lack of proper user input validation in cmdHandlerStatusMonitor.dll. Formerly ZDI-CAN-4545...
CVE-2017-11387
Authentication Bypass in Trend Micro Control Manager 6.0 causes Information Disclosure when authentication validation is not done for functionality that can change debug logging level. Formerly ZDI-CAN-4512...
CVE-2017-11390
This CVE concerns an XML External Entity (XXE) processing vulnerability in Trend Micro Control Manager 6.0. The issue stems from XXE handling in the product’s input processing, enabling information disclosure if an attacker supplies malicious XML. Multiple connected sources (NVD entry, ZDI adviso...
CVE-2017-11387
CVE-2017-11387 concerns Trend Micro Control Manager 6.0 where an authentication bypass allows information disclosure by manipulating functionality that changes debug logging level. The issue arises because authentication validation is not performed for that capability, enabling remote attackers t...