Vulnerabilities > Trendmicro > High

DATE CVE VULNERABILITY TITLE RISK
2018-02-16 CVE-2018-3609 Information Exposure Through Log Files vulnerability in Trendmicro Interscan Messaging Security Virtual Appliance 9.0/9.1
A vulnerability in the Trend Micro InterScan Messaging Security Virtual Appliance 9.0 and 9.1 management portal could allow an unauthenticated user to access sensitive information in a particular log file that could be used to bypass authentication on vulnerable installations.
network
high complexity
trendmicro CWE-532
8.1
2018-02-09 CVE-2018-3607 SQL Injection vulnerability in Trendmicro Control Manager 6.0
XXXTreeNode method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.
network
low complexity
trendmicro CWE-89
8.8
2018-02-09 CVE-2018-3606 SQL Injection vulnerability in Trendmicro Control Manager 6.0
XXXStatusXXX, XXXSummary, TemplateXXX and XXXCompliance method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.
network
low complexity
trendmicro CWE-89
8.8
2018-02-09 CVE-2018-3605 SQL Injection vulnerability in Trendmicro Control Manager 6.0
TopXXX, ViolationXXX, and IncidentXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.
network
low complexity
trendmicro CWE-89
8.8
2018-02-09 CVE-2018-3604 SQL Injection vulnerability in Trendmicro Control Manager 6.0
GetXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.
network
low complexity
trendmicro CWE-89
8.8
2018-02-09 CVE-2018-3603 SQL Injection vulnerability in Trendmicro Control Manager 6.0
A CGGIServlet SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.
network
low complexity
trendmicro CWE-89
8.8
2018-02-09 CVE-2018-3602 SQL Injection vulnerability in Trendmicro Control Manager 6.0
An AdHocQuery_Processor SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.
network
low complexity
trendmicro CWE-89
8.8
2018-01-19 CVE-2017-14095 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Trendmicro Smart Protection Server
A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a local file inclusion on a vulnerable system.
network
high complexity
trendmicro CWE-829
8.1
2018-01-19 CVE-2017-14082 Information Exposure vulnerability in Trendmicro Mobile Security 9.7
An uninitialized pointer information disclosure vulnerability in Trend Micro Mobile Security (Enterprise) versions 9.7 and below could allow an unauthenticated remote attacker to disclosure sensitive information on a vulnerable system.
network
low complexity
trendmicro CWE-200
7.5
2018-01-19 CVE-2017-11398 DEPRECATED: Information Exposure Through Debug Log Files vulnerability in Trendmicro Smart Protection Server
A session hijacking via log disclosure vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an unauthenticated attacker to hijack active user sessions to perform authenticated requests on a vulnerable system.
network
low complexity
trendmicro CWE-534
8.8