Lucene search
K

3 matches found

Check Point Advisories
Check Point Advisories
added 2018/12/09 12:0 a.m.5 views

Trend Micro Control Manager sCloudService GetPassword SQL Injection (CVE-2018-3604)

An SQL injection vulnerability exists in the Trend Micro Control Manager. The vulnerability is due to improper validation of user-supplied input on SOAP sCloudService requests invoking the GetPassword method. Successful exploitation of the vulnerability could allow the attacker to execute arbitra...

6.5CVSS2.8AI score0.68577EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2018/01/10 12:0 a.m.505 views

Trend Micro Control Manager sCloudService GetPassword SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GetPassword method, which is called by the sCloudService servlet. The...

6.8CVSS9.1AI score0.68577EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2018/01/10 12:0 a.m.499 views

Trend Micro Control Manager sCloudService GetProductServerType SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

6CVSS9.1AI score0.68577EPSS
Exploits0References1
Rows per page
Query Builder