Trend Micro Control Manager TreeUserControl_process_tree_event Information Disclosure

An XML external entity XXE processing vulnerability has been reported in Trend Micro Control Manager. The vulnerability is due to lack of validation of user-supplied input prior to executing an XML query in TreeUserControlprocesstreeevent.aspx. A remote, authenticated attacker could exploit this...

Trend Micro Control Manager TreeUserControl_process_tree_event External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro Control Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within TreeUserControlprocesstreeevent.aspx. The issue lies in the failure to...