Vulnerabilities > Trendmicro > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-02 | CVE-2017-11386 | SQL Injection vulnerability in Trendmicro Control Manager 6.0 SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x4707 due to lack of proper user input validation in cmdHandlerNewReportScheduler.dll. | 7.5 |
| 2017-08-02 | CVE-2017-11385 | SQL Injection vulnerability in Trendmicro Control Manager 6.0 SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x6b1b due to lack of proper user input validation in cmdHandlerStatusMonitor.dll. | 7.5 |
| 2017-08-02 | CVE-2017-11384 | SQL Injection vulnerability in Trendmicro Control Manager 6.0 SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x3b21 due to lack of proper user input validation in mdHandlerLicenseManager.dll. | 7.5 |
| 2017-08-02 | CVE-2017-11383 | SQL Injection vulnerability in Trendmicro Control Manager 6.0 SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x1b07 due to lack of proper user input validation in cmdHandlerTVCSCommander.dll. | 7.5 |
| 2017-08-01 | CVE-2017-11381 | OS Command Injection vulnerability in Trendmicro Deep Discovery Director 1.1 A command injection vulnerability exists in Trend Micro Deep Discovery Director 1.1 that allows an attacker to restore accounts that can access the pre-configuration console. | 7.5 |
| 2017-08-01 | CVE-2017-11380 | Use of Hard-coded Credentials vulnerability in Trendmicro Deep Discovery Director 1.1 Backup archives were found to be encrypted with a static password across different installations, which suggest the same password may be used in all virtual appliance instances of Trend Micro Deep Discovery Director 1.1. | 7.5 |
| 2017-05-26 | CVE-2017-9036 | Missing Authorization vulnerability in Trendmicro Serverprotect 3.0 Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows local users to gain privileges by leveraging an unrestricted quarantine directory. | 7.2 |
| 2017-04-28 | CVE-2016-8584 | Improper Access Control vulnerability in Trendmicro Threat Discovery Appliance Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier uses predictable session values, which allows remote attackers to bypass authentication by guessing the value. | 7.5 |
| 2017-04-12 | CVE-2016-7547 | 7PK - Time and State vulnerability in Trendmicro Threat Discovery Appliance 2.6.1062 A command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone parameter in the admin_sys_time.cgi interface. | 7.5 |
| 2017-03-21 | CVE-2017-5565 | Uncontrolled Search Path Element vulnerability in Trendmicro products Code injection vulnerability in Trend Micro Maximum Security 11.0 (and earlier), Internet Security 11.0 (and earlier), and Antivirus+ Security 11.0 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Trend Micro process via a "DoubleAgent" attack. | 7.2 |