Vulnerabilities > Trendmicro > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-22 | CVE-2017-11396 | Unspecified vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5 Vulnerability issues with the web service inspection of input parameters in Trend Micro Web Security Virtual Appliance 6.5 may allow potential attackers who already have administration rights to the console to implement remote code injections. | 7.2 |
| 2017-09-22 | CVE-2017-11395 | OS Command Injection vulnerability in Trendmicro Smart Protection Server 3.1/3.2 Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3.1 and 3.2 server administration UI allows attackers with authenticated access to execute arbitrary code on vulnerable installations. | 8.8 |
| 2017-08-07 | CVE-2016-6220 | Information Exposure vulnerability in Trendmicro Control Manager 6.0 Information Disclosure vulnerability in the Dashboard and Error Pages in Trend Micro Control Manager SP3 6.0. | 7.5 |
| 2017-08-03 | CVE-2017-11392 | Command Injection vulnerability in Trendmicro Interscan Messaging Security Virtual Appliance 9.0/9.1 Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. | 8.8 |
| 2017-08-03 | CVE-2017-11391 | Command Injection vulnerability in Trendmicro Interscan Messaging Security Virtual Appliance 9.0/9.1 Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. | 8.8 |
| 2017-08-03 | CVE-2017-11382 | Exposure of Resource to Wrong Sphere vulnerability in Trendmicro Deep Discovery Email Inspector 2.5.1 Denial of Service vulnerability in Trend Micro Deep Discovery Email Inspector 2.5.1 allows remote attackers to delete arbitrary files on vulnerable installations, thus disabling the service. | 7.5 |
| 2017-08-02 | CVE-2017-11390 | XXE vulnerability in Trendmicro Control Manager 6.0 XML external entity (XXE) processing vulnerability in Trend Micro Control Manager 6.0, if exploited, could lead to information disclosure. | 7.5 |
| 2017-08-02 | CVE-2017-11388 | SQL Injection vulnerability in Trendmicro Control Manager 6.0 SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when RestfulServiceUtility.NET.dll doesn't properly validate user provided strings before constructing SQL queries. | 8.8 |
| 2017-08-02 | CVE-2017-11387 | Information Exposure vulnerability in Trendmicro Control Manager 6.0 Authentication Bypass in Trend Micro Control Manager 6.0 causes Information Disclosure when authentication validation is not done for functionality that can change debug logging level. | 7.5 |
| 2017-08-01 | CVE-2017-11379 | Insufficient Verification of Data Authenticity vulnerability in Trendmicro Deep Discovery Director 1.1 Configuration and database backup archives are not signed or validated in Trend Micro Deep Discovery Director 1.1. | 7.5 |