Vulnerabilities > Trendmicro > Control Manager > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-03-03 CVE-2021-25252 Resource Exhaustion vulnerability in Trendmicro products
Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file.
local
low complexity
trendmicro CWE-400
4.9
2020-02-20 CVE-2019-14688 Uncontrolled Search Path Element vulnerability in Trendmicro products
Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installation.
network
high complexity
trendmicro microsoft CWE-427
5.1
2018-08-15 CVE-2018-10512 Unspecified vulnerability in Trendmicro Control Manager 6.0/7.0
A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to manipulate a reverse proxy .dll on vulnerable installations, which may lead to a denial of server (DoS).
network
low complexity
trendmicro microsoft
5.0
2018-08-15 CVE-2018-10511 Server-Side Request Forgery (SSRF) vulnerability in Trendmicro Control Manager 6.0/7.0
A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to conduct a server-side request forgery (SSRF) attack on vulnerable installations.
network
low complexity
trendmicro CWE-918
6.4
2018-02-09 CVE-2018-3607 SQL Injection vulnerability in Trendmicro Control Manager 6.0
XXXTreeNode method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.
network
low complexity
trendmicro CWE-89
6.5
2018-02-09 CVE-2018-3606 SQL Injection vulnerability in Trendmicro Control Manager 6.0
XXXStatusXXX, XXXSummary, TemplateXXX and XXXCompliance method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.
network
low complexity
trendmicro CWE-89
6.5
2018-02-09 CVE-2018-3605 SQL Injection vulnerability in Trendmicro Control Manager 6.0
TopXXX, ViolationXXX, and IncidentXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.
network
low complexity
trendmicro CWE-89
6.5
2018-02-09 CVE-2018-3604 SQL Injection vulnerability in Trendmicro Control Manager 6.0
GetXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.
network
low complexity
trendmicro CWE-89
6.5
2018-02-09 CVE-2018-3603 SQL Injection vulnerability in Trendmicro Control Manager 6.0
A CGGIServlet SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.
network
low complexity
trendmicro CWE-89
6.5
2018-02-09 CVE-2018-3602 SQL Injection vulnerability in Trendmicro Control Manager 6.0
An AdHocQuery_Processor SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.
network
low complexity
trendmicro CWE-89
6.5