Trend Micro Control Manager 6.0 Service Pack 3

CPE Details

Trend Micro Control Manager 6.0 Service Pack 3
trendmicro
control_manager
6.0
2017-08-15
11h14 +00:00
2021-08-10
13h19 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:trendmicro:control_manager:6.0:sp3:*:*:*:*:*:*

Informations

Vendor

trendmicro

Product

control_manager

Version

6.0

Update

sp3

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2018-10510 2018-08-15 17h00 +00:00 A Directory Traversal Remote Code Execution vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to execute arbitrary code on vulnerable installations.
9.8
Critique
CVE-2018-10511 2018-08-15 17h00 +00:00 A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to conduct a server-side request forgery (SSRF) attack on vulnerable installations.
10
Critique
CVE-2018-10512 2018-08-15 17h00 +00:00 A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to manipulate a reverse proxy .dll on vulnerable installations, which may lead to a denial of server (DoS).
7.5
Haute
CVE-2018-3600 2018-02-09 21h00 +00:00 A external entity processing information disclosure (XXE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to disclose sensitive information on vulnerable installations.
6.5
Moyen
CVE-2018-3601 2018-02-09 21h00 +00:00 A password hash usage authentication bypass vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to bypass authentication on vulnerable installations.
9.8
Critique
CVE-2018-3602 2018-02-09 21h00 +00:00 An AdHocQuery_Processor SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.
8.8
Haute
CVE-2018-3603 2018-02-09 21h00 +00:00 A CGGIServlet SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.
8.8
Haute
CVE-2018-3604 2018-02-09 21h00 +00:00 GetXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.
8.8
Haute
CVE-2018-3605 2018-02-09 21h00 +00:00 TopXXX, ViolationXXX, and IncidentXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.
8.8
Haute
CVE-2018-3606 2018-02-09 21h00 +00:00 XXXStatusXXX, XXXSummary, TemplateXXX and XXXCompliance method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.
8.8
Haute
CVE-2018-3607 2018-02-09 21h00 +00:00 XXXTreeNode method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.
8.8
Haute
CVE-2016-6220 2017-08-07 18h00 +00:00 Information Disclosure vulnerability in the Dashboard and Error Pages in Trend Micro Control Manager SP3 6.0.
7.5
Haute
CVE-2017-11383 2017-08-02 19h00 +00:00 SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x1b07 due to lack of proper user input validation in cmdHandlerTVCSCommander.dll. Formerly ZDI-CAN-4560.
9.8
Critique
CVE-2017-11384 2017-08-02 19h00 +00:00 SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x3b21 due to lack of proper user input validation in mdHandlerLicenseManager.dll. Formerly ZDI-CAN-4561.
9.8
Critique
CVE-2017-11385 2017-08-02 19h00 +00:00 SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x6b1b due to lack of proper user input validation in cmdHandlerStatusMonitor.dll. Formerly ZDI-CAN-4545.
9.8
Critique
CVE-2017-11386 2017-08-02 19h00 +00:00 SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x4707 due to lack of proper user input validation in cmdHandlerNewReportScheduler.dll. Formerly ZDI-CAN-4549.
9.8
Critique
CVE-2017-11387 2017-08-02 19h00 +00:00 Authentication Bypass in Trend Micro Control Manager 6.0 causes Information Disclosure when authentication validation is not done for functionality that can change debug logging level. Formerly ZDI-CAN-4512.
7.5
Haute
CVE-2017-11388 2017-08-02 19h00 +00:00 SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when RestfulServiceUtility.NET.dll doesn't properly validate user provided strings before constructing SQL queries. Formerly ZDI-CAN-4639 and ZDI-CAN-4638.
8.8
Haute
CVE-2017-11389 2017-08-02 19h00 +00:00 Directory traversal vulnerability in Trend Micro Control Manager 6.0 allows remote code execution by attackers able to drop arbitrary files in a web-facing directory. Formerly ZDI-CAN-4684.
9.8
Critique
CVE-2017-11390 2017-08-02 19h00 +00:00 XML external entity (XXE) processing vulnerability in Trend Micro Control Manager 6.0, if exploited, could lead to information disclosure. Formerly ZDI-CAN-4706.
7.5
Haute