Control Manager@6.0 Security Vulnerabilities and Issues — Control Manager@6.0 CVE List

Lucene search

TrendmicroControl Manager6.0

20 matches found

CVE•added 2017/08/02 9:29 p.m.•41 views

CVE-2017-11384

SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x3b21 due to lack of proper user input validation in mdHandlerLicenseManager.dll. Formerly ZDI-CAN-4561.

9.8CVSS10AI score0.0724EPSS

CVE•added 2017/08/02 9:29 p.m.•41 views

CVE-2017-11385

SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x6b1b due to lack of proper user input validation in cmdHandlerStatusMonitor.dll. Formerly ZDI-CAN-4545.

9.8CVSS10AI score0.0724EPSS

CVE•added 2017/08/02 9:29 p.m.•41 views

CVE-2017-11388

SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when RestfulServiceUtility.NET.dll doesn't properly validate user provided strings before constructing SQL queries. Formerly ZDI-CAN-4639 and ZDI-CAN-4638.

8.8CVSS9.3AI score0.07769EPSS

CVE•added 2017/08/02 9:29 p.m.•40 views

CVE-2017-11386

SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x4707 due to lack of proper user input validation in cmdHandlerNewReportScheduler.dll. Formerly ZDI-CAN-4549.

9.8CVSS10AI score0.0724EPSS

CVE•added 2017/08/02 9:29 p.m.•38 views

CVE-2017-11390

XML external entity (XXE) processing vulnerability in Trend Micro Control Manager 6.0, if exploited, could lead to information disclosure. Formerly ZDI-CAN-4706.

7.5CVSS7.2AI score0.00569EPSS

CVE•added 2017/08/02 9:29 p.m.•37 views

CVE-2017-11387

Authentication Bypass in Trend Micro Control Manager 6.0 causes Information Disclosure when authentication validation is not done for functionality that can change debug logging level. Formerly ZDI-CAN-4512.

7.5CVSS7.5AI score0.02088EPSS

CVE•added 2017/08/02 9:29 p.m.•36 views

CVE-2017-11383

SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x1b07 due to lack of proper user input validation in cmdHandlerTVCSCommander.dll. Formerly ZDI-CAN-4560.

9.8CVSS10AI score0.0724EPSS

CVE•added 2018/02/09 10:29 p.m.•36 views

CVE-2018-3605

TopXXX, ViolationXXX, and IncidentXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.

8.8CVSS9.2AI score0.0951EPSS

CVE•added 2017/08/07 8:29 p.m.•35 views

CVE-2016-6220

Information Disclosure vulnerability in the Dashboard and Error Pages in Trend Micro Control Manager SP3 6.0.

7.5CVSS7.3AI score0.00528EPSS

CVE•added 2017/08/02 9:29 p.m.•34 views

CVE-2017-11389

Directory traversal vulnerability in Trend Micro Control Manager 6.0 allows remote code execution by attackers able to drop arbitrary files in a web-facing directory. Formerly ZDI-CAN-4684.

9.8CVSS9.7AI score0.07673EPSS

CVE•added 2018/02/09 10:29 p.m.•34 views

CVE-2018-3604

GetXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.

8.8CVSS9.2AI score0.23185EPSS

CVE•added 2018/08/15 7:29 p.m.•31 views

CVE-2018-10511

A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to conduct a server-side request forgery (SSRF) attack on vulnerable installations.

10CVSS9.2AI score0.00368EPSS

CVE•added 2018/08/15 7:29 p.m.•31 views

CVE-2018-10512

A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to manipulate a reverse proxy .dll on vulnerable installations, which may lead to a denial of server (DoS).

7.5CVSS7.3AI score0.00699EPSS

CVE•added 2018/02/09 10:29 p.m.•30 views

CVE-2018-3602

An AdHocQuery_Processor SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.

8.8CVSS9.2AI score0.04785EPSS

CVE•added 2018/02/09 10:29 p.m.•29 views

CVE-2018-3607

XXXTreeNode method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.

8.8CVSS9.2AI score0.10384EPSS

CVE•added 2018/02/09 10:29 p.m.•28 views

CVE-2018-3601

A password hash usage authentication bypass vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to bypass authentication on vulnerable installations.

9.8CVSS9.6AI score0.06013EPSS

CVE•added 2018/08/15 7:29 p.m.•26 views

CVE-2018-10510

A Directory Traversal Remote Code Execution vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to execute arbitrary code on vulnerable installations.

9.8CVSS9.7AI score0.03801EPSS

CVE•added 2018/02/09 10:29 p.m.•26 views

CVE-2018-3600

A external entity processing information disclosure (XXE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to disclose sensitive information on vulnerable installations.

6.5CVSS6.1AI score0.00322EPSS

CVE•added 2018/02/09 10:29 p.m.•26 views

CVE-2018-3603

A CGGIServlet SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.

8.8CVSS9.2AI score0.04785EPSS

CVE•added 2018/02/09 10:29 p.m.•21 views

CVE-2018-3606

XXXStatusXXX, XXXSummary, TemplateXXX and XXXCompliance method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.

8.8CVSS9.2AI score0.22692EPSS