Vulnerabilities > Trendmicro > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-02-16 | CVE-2018-3609 | Information Exposure Through Log Files vulnerability in Trendmicro Interscan Messaging Security Virtual Appliance 9.0/9.1 A vulnerability in the Trend Micro InterScan Messaging Security Virtual Appliance 9.0 and 9.1 management portal could allow an unauthenticated user to access sensitive information in a particular log file that could be used to bypass authentication on vulnerable installations. | 8.1 |
2018-02-09 | CVE-2018-3607 | SQL Injection vulnerability in Trendmicro Control Manager 6.0 XXXTreeNode method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. | 8.8 |
2018-02-09 | CVE-2018-3606 | SQL Injection vulnerability in Trendmicro Control Manager 6.0 XXXStatusXXX, XXXSummary, TemplateXXX and XXXCompliance method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. | 8.8 |
2018-02-09 | CVE-2018-3605 | SQL Injection vulnerability in Trendmicro Control Manager 6.0 TopXXX, ViolationXXX, and IncidentXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. | 8.8 |
2018-02-09 | CVE-2018-3604 | SQL Injection vulnerability in Trendmicro Control Manager 6.0 GetXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. | 8.8 |
2018-02-09 | CVE-2018-3603 | SQL Injection vulnerability in Trendmicro Control Manager 6.0 A CGGIServlet SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. | 8.8 |
2018-02-09 | CVE-2018-3602 | SQL Injection vulnerability in Trendmicro Control Manager 6.0 An AdHocQuery_Processor SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. | 8.8 |
2018-01-19 | CVE-2017-14095 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Trendmicro Smart Protection Server A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a local file inclusion on a vulnerable system. | 8.1 |
2018-01-19 | CVE-2017-14082 | Information Exposure vulnerability in Trendmicro Mobile Security 9.7 An uninitialized pointer information disclosure vulnerability in Trend Micro Mobile Security (Enterprise) versions 9.7 and below could allow an unauthenticated remote attacker to disclosure sensitive information on a vulnerable system. | 7.5 |
2018-01-19 | CVE-2017-11398 | DEPRECATED: Information Exposure Through Debug Log Files vulnerability in Trendmicro Smart Protection Server A session hijacking via log disclosure vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an unauthenticated attacker to hijack active user sessions to perform authenticated requests on a vulnerable system. | 8.8 |