CVE-2018-3609
https://notcve.org/view.php?id=CVE-2018-3609
A vulnerability in the Trend Micro InterScan Messaging Security Virtual Appliance 9.0 and 9.1 management portal could allow an unauthenticated user to access sensitive information in a particular log file that could be used to bypass authentication on vulnerable installations.

• http://www.securityfocus.com/bid/103097
• https://korelogic.com/Resources/Advisories/KL-001-2018-006.txt
• https://success.trendmicro.com/jp/solution/1119290
• https://success.trendmicro.com/solution/1119277

• CWE-522: Insufficiently Protected Credentials
• CWE-532: Insertion of Sensitive Information into Log File
CVE-2018-6218
https://notcve.org/view.php?id=CVE-2018-6218
A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking Module (UMH) could allow an attacker to run arbitrary code on a vulnerable system.

• http://www.securityfocus.com/bid/103096
• https://jvn.jp/jp/JVN28865183
• https://success.trendmicro.com/jp/solution/1119348
• https://success.trendmicro.com/solution/1119326

• CWE-426: Untrusted Search Path
CVE-2017-14082 – Trend Micro Mobile Security for Enterprise clt_report_sms_status Uninitialized Pointer Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2017-14082
An uninitialized pointer information disclosure vulnerability in Trend Micro Mobile Security (Enterprise) versions 9.7 and below could allow an unauthenticated remote attacker to disclose sensitive information on a vulnerable system.

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of the clt_report_sms_status action. The issue results from the lack of proper initialization of a pointer prior to accessing it.

• http://www.securityfocus.com/bid/102216
• http://www.zerodayinitiative.com/advisories/ZDI-17-972
• https://success.trendmicro.com/solution/1118993

• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-11396
https://notcve.org/view.php?id=CVE-2017-11396
Vulnerability issues with the web service inspection of input parameters in Trend Micro Web Security Virtual Appliance 6.5 may allow potential attackers who already have administration rights to the console to implement remote code injections.

• https://success.trendmicro.com/solution/1117412
CVE-2017-14079 – Trend Micro Mobile Security for Enterprise upload_img_file Unrestricted File Upload Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-14079
Unrestricted file uploads in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the upload_img_file action. The issue results from the lack of proper validation of user-supplied data, which can allow for the upload of arbitrary files.

• http://www.securityfocus.com/bid/100970
• http://www.zerodayinitiative.com/advisories/ZDI-17-785
• http://www.zerodayinitiative.com/advisories/ZDI-17-789
• http://www.zerodayinitiative.com/advisories/ZDI-17-790
• http://www.zerodayinitiative.com/advisories/ZDI-17-807
• https://success.trendmicro.com/solution/1118224

• CWE-434: Unrestricted Upload of File with Dangerous Type