CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2017-11382 – Trend Micro Deep Discovery Email Inspector kdump_setting Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2017-11382
Denial of Service vulnerability in Trend Micro Deep Discovery Email Inspector 2.5.1 allows remote attackers to delete arbitrary files on vulnerable installations, thus disabling the service. Formerly ZDI-CAN-4350. Una vulnerabilidad de denegación de servicio en Trend Micro Deep Discovery Email Inspector, versión 2.5.1 permite que atacantes remotos eliminen archivos arbitrarios en instalaciones vulnerables, por lo que se deshabilita el servicio. This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of Trend Micro Deep Discovery Email Inspector. Authentication is not required to exploit this vulnerability. The specific flaw exists within kdump_setting.php. • http://www.securityfocus.com/bid/100076 http://www.zerodayinitiative.com/advisories/ZDI-17-503 https://success.trendmicro.com/solution/1116750 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-11387 – Trend Micro Control Manager Debug Level Authentication Bypass Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2017-11387
Authentication Bypass in Trend Micro Control Manager 6.0 causes Information Disclosure when authentication validation is not done for functionality that can change debug logging level. Formerly ZDI-CAN-4512. Una vulnerabilidad de omisión de autenticación en Trend Micro Control Manager 6.0 podría permitir que se divulgue información cuando la validación de la autenticación no se realiza para la funcionalidad que puede cambiar el nivel de registro de depuración. Anteriormente esta vulnerabilidad tenía el código ZDI-CAN-4512. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro Control Manager. • http://www.securityfocus.com/bid/100078 http://www.securitytracker.com/id/1039049 http://www.zerodayinitiative.com/advisories/ZDI-17-497 https://success.trendmicro.com/solution/1117722 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 0CVE-2017-11388 – Trend Micro Control Manager RestfulServiceUtility.NET SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-11388
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when RestfulServiceUtility.NET.dll doesn't properly validate user provided strings before constructing SQL queries. Formerly ZDI-CAN-4639 and ZDI-CAN-4638. Una vulnerabilidad de inyección SQL en Trend Micro Control Manager 6.0 permite que se ejecute código remoto cuando RestfulServiceUtility.NET.dll no valida correctamente los strings proporcionados por el usuario antes de construir las consultas SQL. Anteriormente esta vulnerabilidad tenía los códigos ZDI-CAN-4639 y ZDI-CAN-4638. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. • http://www.securityfocus.com/bid/100078 http://www.securitytracker.com/id/1039049 http://www.zerodayinitiative.com/advisories/ZDI-17-498 http://www.zerodayinitiative.com/advisories/ZDI-17-499 https://success.trendmicro.com/solution/1117722 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 13%CPEs: 1EXPL: 0CVE-2017-11389 – Trend Micro Control Manager cmdHandlerFileHandling Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-11389
Directory traversal vulnerability in Trend Micro Control Manager 6.0 allows remote code execution by attackers able to drop arbitrary files in a web-facing directory. Formerly ZDI-CAN-4684. Existe una vulnerabilidad de tipo Directory Traversal en Trend Micro Control Manager 6.0 que permite que se ejecute código remoto por atacantes capaces de ubicar archivos arbitrarios en un directorio expuesto en Internet. Anteriormente esta vulnerabilidad tenía el código ZDI-CAN-4684. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. • http://www.securityfocus.com/bid/100078 http://www.securitytracker.com/id/1039049 http://www.zerodayinitiative.com/advisories/ZDI-17-500 https://success.trendmicro.com/solution/1117722 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2017-11390 – Trend Micro Control Manager BasePageSessionExpire External Entity Processing Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2017-11390
XML external entity (XXE) processing vulnerability in Trend Micro Control Manager 6.0, if exploited, could lead to information disclosure. Formerly ZDI-CAN-4706. Existe una vulnerabilidad de procesamiento de entidades XML externas (XXE) en Trend Micro Control Manager 6.0 que, de ser explotado, podría provocar que se fugue información. Anteriormente esta vulnerabilidad tenía el código ZDI-CAN-4706. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro Control Manager. • http://www.securityfocus.com/bid/100078 http://www.zerodayinitiative.com/advisories/ZDI-17-501 https://success.trendmicro.com/solution/1117722 • CWE-611: Improper Restriction of XML External Entity Reference •