Vulnerabilities > Trendmicro > Control Manager

DATE CVE VULNERABILITY TITLE RISK
2021-03-03 CVE-2021-25252 Resource Exhaustion vulnerability in Trendmicro products
Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file.
local
low complexity
trendmicro CWE-400
5.5
2020-02-20 CVE-2019-14688 Uncontrolled Search Path Element vulnerability in Trendmicro products
Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installation.
local
high complexity
trendmicro CWE-427
7.0
2018-08-15 CVE-2018-10512 Unspecified vulnerability in Trendmicro Control Manager 6.0/7.0
A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to manipulate a reverse proxy .dll on vulnerable installations, which may lead to a denial of server (DoS).
network
low complexity
trendmicro
7.5
2018-08-15 CVE-2018-10511 Server-Side Request Forgery (SSRF) vulnerability in Trendmicro Control Manager 6.0/7.0
A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to conduct a server-side request forgery (SSRF) attack on vulnerable installations.
network
low complexity
trendmicro CWE-918
critical
10.0
2018-08-15 CVE-2018-10510 Path Traversal vulnerability in Trendmicro Control Manager 6.0/7.0
A Directory Traversal Remote Code Execution vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to execute arbitrary code on vulnerable installations.
network
low complexity
trendmicro CWE-22
critical
9.8
2018-02-09 CVE-2018-3607 SQL Injection vulnerability in Trendmicro Control Manager 6.0
XXXTreeNode method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.
network
low complexity
trendmicro CWE-89
8.8
2018-02-09 CVE-2018-3606 SQL Injection vulnerability in Trendmicro Control Manager 6.0
XXXStatusXXX, XXXSummary, TemplateXXX and XXXCompliance method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.
network
low complexity
trendmicro CWE-89
8.8
2018-02-09 CVE-2018-3605 SQL Injection vulnerability in Trendmicro Control Manager 6.0
TopXXX, ViolationXXX, and IncidentXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.
network
low complexity
trendmicro CWE-89
8.8
2018-02-09 CVE-2018-3604 SQL Injection vulnerability in Trendmicro Control Manager 6.0
GetXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.
network
low complexity
trendmicro CWE-89
8.8
2018-02-09 CVE-2018-3603 SQL Injection vulnerability in Trendmicro Control Manager 6.0
A CGGIServlet SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.
network
low complexity
trendmicro CWE-89
8.8