Vulnerabilities > Trendmicro > Control Manager > High

DATE CVE VULNERABILITY TITLE RISK
2020-02-20 CVE-2019-14688 Uncontrolled Search Path Element vulnerability in Trendmicro products
Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installation.
local
high complexity
trendmicro CWE-427
7.0
2018-08-15 CVE-2018-10512 Unspecified vulnerability in Trendmicro Control Manager 6.0/7.0
A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to manipulate a reverse proxy .dll on vulnerable installations, which may lead to a denial of server (DoS).
network
low complexity
trendmicro
7.5
2018-02-09 CVE-2018-3607 SQL Injection vulnerability in Trendmicro Control Manager 6.0
XXXTreeNode method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.
network
low complexity
trendmicro CWE-89
8.8
2018-02-09 CVE-2018-3606 SQL Injection vulnerability in Trendmicro Control Manager 6.0
XXXStatusXXX, XXXSummary, TemplateXXX and XXXCompliance method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.
network
low complexity
trendmicro CWE-89
8.8
2018-02-09 CVE-2018-3605 SQL Injection vulnerability in Trendmicro Control Manager 6.0
TopXXX, ViolationXXX, and IncidentXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.
network
low complexity
trendmicro CWE-89
8.8
2018-02-09 CVE-2018-3604 SQL Injection vulnerability in Trendmicro Control Manager 6.0
GetXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.
network
low complexity
trendmicro CWE-89
8.8
2018-02-09 CVE-2018-3603 SQL Injection vulnerability in Trendmicro Control Manager 6.0
A CGGIServlet SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.
network
low complexity
trendmicro CWE-89
8.8
2018-02-09 CVE-2018-3602 SQL Injection vulnerability in Trendmicro Control Manager 6.0
An AdHocQuery_Processor SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.
network
low complexity
trendmicro CWE-89
8.8
2017-08-07 CVE-2016-6220 Information Exposure vulnerability in Trendmicro Control Manager 6.0
Information Disclosure vulnerability in the Dashboard and Error Pages in Trend Micro Control Manager SP3 6.0.
network
low complexity
trendmicro CWE-200
7.5
2017-08-02 CVE-2017-11390 XXE vulnerability in Trendmicro Control Manager 6.0
XML external entity (XXE) processing vulnerability in Trend Micro Control Manager 6.0, if exploited, could lead to information disclosure.
network
low complexity
trendmicro CWE-611
7.5