22 matches found
CVE-2019-14688
This CVE affects Trend Micro installer packages. A DLL hijack vulnerability was present in an installer version used by multiple Trend Micro products and could be exploited only during the initial product installation by an authorized user. The attacker must cause the target to place a malicious ...
CVE-2021-25252
CVE-2021-25252 concerns Trend Micro’s Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) experiencing a memory exhaustion vulnerability that can cause denial-of-service or a system freeze when processing specially crafted files. Affected components: VSAPI and ATSE in Trend Micro produc...
CVE-2017-11390
This CVE concerns an XML External Entity (XXE) processing vulnerability in Trend Micro Control Manager 6.0. The issue stems from XXE handling in the product’s input processing, enabling information disclosure if an attacker supplies malicious XML. Multiple connected sources (NVD entry, ZDI adviso...
CVE-2017-11385
CVE-2017-11385 affects Trend Micro Control Manager 6.0. The issue is an SQL injection in cmdHandlerStatusMonitor.dll triggered by improper validation when handling opcode 0x6b1b, enabling remote code execution. Public disclosures (ZDI-17-495, NVD entry) describe unauthenticated remote exploitatio...
CVE-2017-11388
CVE-2017-11388 affects Trend Micro Control Manager 6.0. The vulnerability is a SQL injection in RestfulServiceUtility.NET.dll that fails to validate user-supplied strings when constructing SQL queries, enabling Remote Code Execution. The ZDI advisories describe exploitation requiring authenticati...
CVE-2017-11384
CVE-2017-11384 affects Trend Micro Control Manager 6.0. The vulnerability is an SQL injection in the cmdHandlerLicenseManager.dll that occurs when handling input for opcode 0x3b21, due to improper input validation, enabling remote code execution. The issue can be exploited remotely with no authen...
CVE-2017-11386
Trend Micro Control Manager 6.0 is affected by a SQL injection in the component cmdHandlerNewReportScheduler.dll when processing opcode 0x4707, caused by lack of proper input validation. This vulnerability can lead to Remote Code Execution and is documented as CVE-2017-11386 (ZDI-17-496). Public ...
CVE-2018-3605
Multiple SQL injection-based RCE vulnerabilities exist in Trend Micro Control Manager 6.0. Reports from ZDI describe flaws where user-supplied strings are not properly validated in the reporting servlet, enabling remote code execution. Affected methods include TopSensi...
CVE-2017-11387
CVE-2017-11387 concerns Trend Micro Control Manager 6.0 where an authentication bypass allows information disclosure by manipulating functionality that changes debug logging level. The issue arises because authentication validation is not performed for that capability, enabling remote attackers t...
CVE-2017-11383
Trend Micro Control Manager (TMCM) 6.0 contains a SQL injection in cmdHandlerTVCSCommander.dll when handling opcode 0x1b07 due to insufficient validation of user input, enabling remote code execution. Public advisories (ZDI-17-493) and CVE-2017-11383 describe remote exploitation without authentic...
CVE-2016-6220
CVE-2016-6220 affects Trend Micro Control Manager SP3 6.0; a vulnerability in the Dashboard and Error Pages allows information disclosure over the network. CVSS-3.1 base score 7.5 (HIGH) with no privileges required and no user interaction, impacting confidentiality (HIGH) but not integrity/availa...
CVE-2017-11389
CVE-2017-11389 is a directory traversal vulnerability in Trend Micro Control Manager 6.0 that allows remote code execution by dropping arbitrary files in a web-facing directory. The root cause is improper validation of a user-supplied path in the module cmdHandlerFileHandling.dll, enabling an att...
CVE-2018-10511
CVE-2018-10511 affects Trend Micro Control Manager versions 6.0 and 7.0, with a server-side request forgery (SSRF) vulnerability. The connected documents describe an SSRF condition that could be exploited to induce the management console to issue requests to internal or external targets. The sour...
CVE-2018-10512
CVE-2018-10512 involves Trend Micro Control Manager (versions 6.0 and 7.0). A vulnerability could allow an attacker to manipulate the reverse proxy DLL on vulnerable installations, potentially leading to a denial of service. The connected sources corroborate a DoS impact from DLL manipulation; no...
CVE-2018-3602
The CVE-2018-3602 issue affects Trend Micro Control Manager 6.0 via an AdHocQuery_Processor SQL Injection that enables remote code execution. The root cause is improper validation of a user-supplied string used to build SQL queries within the GetProductCategory method of the AdHocQuery_Processor ...
CVE-2018-3604
Trend Micro Control Manager 6.0 is vulnerable to multiple SQL injection vulnerabilities that allow remote code execution via various GetXXX methods (GetPassword, GetRuleList, GetProductServerType) and related functions (sp_DDI_GetInterestedIPByJobID2). The root cause across advisories is lack of ...
CVE-2018-3607
CVE-2018-3607 relates to Trend Micro Control Manager 6.0 with a SQL injection in the XXXTreeNode method that enables remote code execution. ZDI advisories detail specific vulnerable paths (InsertSelectedTreeNodeWithACL, sp_DeleteSelectedTreeNodesByRefKey, ClearSelectedTreeNode) and note that expl...
CVE-2018-3601
CVE-2018-3601 affects Trend Micro Control Manager 6.0, where a password hash usage authentication bypass allows remote attackers to bypass authentication on vulnerable installations. Multiple connected sources (NVD/CNVD/ZDI) confirm the flaw arises in how authentication challenges are handled, en...
CVE-2018-10510
A directory traversal vulnerability exists in Trend Micro Control Manager (TMCM) versions 6.0 and 7.0 that could allow a remote attacker to execute arbitrary code on vulnerable installations (remote code execution). The CNVD record confirms the affected product and impact; no remediation details ...
CVE-2018-3603
Trend Micro Control Manager 6.0 contains a CGGIServlet SQL injection that allows remote code execution. The ZDI advisory specifies the vulnerability in the ID_QUERY_COMMAND_TRACKING_USER_ID parameter, where improper input validation enables arbitrary code execution under the Network Service accou...
CVE-2018-3600
The CVE-2018-3600 issue affects Trend Micro Control Manager 6.0, with an XXE flaw in the AdHocQuery_Processor that allows remote disclosure of sensitive information. The root cause is improper XML External Entity handling, enabling an attacker to read contents via a crafted URI and inject it back...
CVE-2018-3606
The CVE-2018-3606 issue affects Trend Micro Control Manager 6.0. Multiple ZDI advisories describe SQL Injection leading to Remote Code Execution in various Control Manager components (e.g., SensitiveFilesOverTime, TemplateMatchByTemplate, TemplateMatchByChannel, ThreatStastics, UserStatusBySeveri...