Vulnerabilities > Trendmicro > Critical

DATE CVE VULNERABILITY TITLE RISK
2017-08-02 CVE-2017-11389 Path Traversal vulnerability in Trendmicro Control Manager 6.0
Directory traversal vulnerability in Trend Micro Control Manager 6.0 allows remote code execution by attackers able to drop arbitrary files in a web-facing directory.
network
low complexity
trendmicro CWE-22
critical
9.8
2017-08-02 CVE-2017-11386 SQL Injection vulnerability in Trendmicro Control Manager 6.0
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x4707 due to lack of proper user input validation in cmdHandlerNewReportScheduler.dll.
network
low complexity
trendmicro CWE-89
critical
9.8
2017-08-02 CVE-2017-11385 SQL Injection vulnerability in Trendmicro Control Manager 6.0
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x6b1b due to lack of proper user input validation in cmdHandlerStatusMonitor.dll.
network
low complexity
trendmicro CWE-89
critical
9.8
2017-08-02 CVE-2017-11384 SQL Injection vulnerability in Trendmicro Control Manager 6.0
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x3b21 due to lack of proper user input validation in mdHandlerLicenseManager.dll.
network
low complexity
trendmicro CWE-89
critical
9.8
2017-08-02 CVE-2017-11383 SQL Injection vulnerability in Trendmicro Control Manager 6.0
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x1b07 due to lack of proper user input validation in cmdHandlerTVCSCommander.dll.
network
low complexity
trendmicro CWE-89
critical
9.8
2017-08-01 CVE-2017-11381 OS Command Injection vulnerability in Trendmicro Deep Discovery Director 1.1
A command injection vulnerability exists in Trend Micro Deep Discovery Director 1.1 that allows an attacker to restore accounts that can access the pre-configuration console.
network
low complexity
trendmicro CWE-78
critical
9.8
2017-08-01 CVE-2017-11380 Use of Hard-coded Credentials vulnerability in Trendmicro Deep Discovery Director 1.1
Backup archives were found to be encrypted with a static password across different installations, which suggest the same password may be used in all virtual appliance instances of Trend Micro Deep Discovery Director 1.1.
network
low complexity
trendmicro CWE-798
critical
9.8
2017-05-26 CVE-2017-9034 Improper Input Validation vulnerability in Trendmicro Serverprotect 3.0
Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to write to arbitrary files and consequently execute arbitrary code with root privileges by leveraging failure to validate software updates.
network
low complexity
trendmicro CWE-20
critical
9.8
2017-04-28 CVE-2016-8584 Improper Access Control vulnerability in Trendmicro Threat Discovery Appliance 2.6.1062
Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier uses predictable session values, which allows remote attackers to bypass authentication by guessing the value.
network
low complexity
trendmicro CWE-284
critical
9.8
2017-04-12 CVE-2016-7552 Path Traversal vulnerability in Trendmicro Threat Discovery Appliance 2.6.1062
On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root.
network
low complexity
trendmicro CWE-22
critical
9.8