Vulnerabilities > CVE-2017-14095 - Inclusion of Functionality from Untrusted Control Sphere vulnerability in Trendmicro Smart Protection Server 3.0/3.1/3.2
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a local file inclusion on a vulnerable system.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Common Weakness Enumeration (CWE)
Exploit-Db
| description | Trend Micro Smart Protection Server - Session Hijacking / Log File Disclosure / Remote Command Execution / Cron Job Injection / Local File Inclusion / Stored... |
| file | exploits/multiple/remote/43388.md |
| id | EDB-ID:43388 |
| last seen | 2017-12-22 |
| modified | 2017-12-19 |
| platform | multiple |
| port | |
| published | 2017-12-19 |
| reporter | Exploit-DB |
| source | https://www.exploit-db.com/download/43388/ |
| title | Trend Micro Smart Protection Server - Session Hijacking / Log File Disclosure / Remote Command Execution / Cron Job Injection / Local File Inclusion / Stored Cross-Site Scripting / Improper Access Control |
| type | remote |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/145518/CORE-2017-0008.txt |
| id | PACKETSTORM:145518 |
| last seen | 2017-12-22 |
| published | 2017-12-22 |
| reporter | Core Security Technologies |
| source | https://packetstormsecurity.com/files/145518/Trend-Micro-Smart-Protection-Server-3.2-XSS-Access-Control-Disclosure.html |
| title | Trend Micro Smart Protection Server 3.2 XSS / Access Control / Disclosure |