Vulnerabilities > Trendmicro > Control Manager > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-08-15 CVE-2018-10510 Path Traversal vulnerability in Trendmicro Control Manager 6.0/7.0
A Directory Traversal Remote Code Execution vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to execute arbitrary code on vulnerable installations.
network
low complexity
trendmicro CWE-22
critical
9.8
2018-08-15 CVE-2018-10511 Server-Side Request Forgery (SSRF) vulnerability in Trendmicro Control Manager 6.0/7.0
A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to conduct a server-side request forgery (SSRF) attack on vulnerable installations.
network
low complexity
trendmicro CWE-918
critical
10.0
2018-02-09 CVE-2018-3601 Improper Authentication vulnerability in Trendmicro Control Manager 6.0
A password hash usage authentication bypass vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to bypass authentication on vulnerable installations.
network
low complexity
trendmicro CWE-287
critical
9.8
2017-08-02 CVE-2017-11383 SQL Injection vulnerability in Trendmicro Control Manager 6.0
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x1b07 due to lack of proper user input validation in cmdHandlerTVCSCommander.dll.
network
low complexity
trendmicro CWE-89
critical
9.8
2017-08-02 CVE-2017-11384 SQL Injection vulnerability in Trendmicro Control Manager 6.0
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x3b21 due to lack of proper user input validation in mdHandlerLicenseManager.dll.
network
low complexity
trendmicro CWE-89
critical
9.8
2017-08-02 CVE-2017-11385 SQL Injection vulnerability in Trendmicro Control Manager 6.0
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x6b1b due to lack of proper user input validation in cmdHandlerStatusMonitor.dll.
network
low complexity
trendmicro CWE-89
critical
9.8
2017-08-02 CVE-2017-11386 SQL Injection vulnerability in Trendmicro Control Manager 6.0
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x4707 due to lack of proper user input validation in cmdHandlerNewReportScheduler.dll.
network
low complexity
trendmicro CWE-89
critical
9.8
2017-08-02 CVE-2017-11389 Path Traversal vulnerability in Trendmicro Control Manager 6.0
Directory traversal vulnerability in Trend Micro Control Manager 6.0 allows remote code execution by attackers able to drop arbitrary files in a web-facing directory.
network
low complexity
trendmicro CWE-22
critical
9.8