CVE-2017-11389 – Trend Micro Control Manager cmdHandlerFileHandling Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-11389
Directory traversal vulnerability in Trend Micro Control Manager 6.0 allows remote code execution by attackers able to drop arbitrary files in a web-facing directory. Formerly ZDI-CAN-4684. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager.
• http://www.securityfocus.com/bid/100078
• http://www.securitytracker.com/id/1039049
• http://www.zerodayinitiative.com/advisories/ZDI-17-500
• https://success.trendmicro.com/solution/1117722
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-11390 – Trend Micro Control Manager BasePageSessionExpire External Entity Processing Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2017-11390
XML external entity (XXE) processing vulnerability in Trend Micro Control Manager 6.0, if exploited, could lead to information disclosure. Formerly ZDI-CAN-4706. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro Control Manager.
• http://www.securityfocus.com/bid/100078
• http://www.zerodayinitiative.com/advisories/ZDI-17-501
• https://success.trendmicro.com/solution/1117722
• CWE-611: Improper Restriction of XML External Entity Reference