Search criteria
39 vulnerabilities found for smart_protection_server by trendmicro
FKIE_CVE-2018-10350
Vulnerability from fkie_nvd - Published: 2018-05-25 15:29 - Updated: 2024-11-21 03:41
Severity ?
Summary
A SQL injection remote code execution vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw within the handling of parameters provided to wcs\_bwlists\_handler.php. Authentication is required in order to exploit this vulnerability.
References
| URL | Tags | ||
|---|---|---|---|
| security@trendmicro.com | https://success.trendmicro.com/solution/1119715 | Vendor Advisory | |
| security@trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-18-421/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://success.trendmicro.com/solution/1119715 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-18-421/ | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | smart_protection_server | 3.0 | |
| trendmicro | smart_protection_server | 3.1 | |
| trendmicro | smart_protection_server | 3.2 | |
| trendmicro | smart_protection_server | 3.3 | |
| linux | linux_kernel | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:smart_protection_server:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E74019C0-01AD-4C0F-9ADE-099D6D7C8013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:smart_protection_server:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB62FC55-4EA1-485E-9381-C14BA2F1E074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:smart_protection_server:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4157366A-854E-4993-B08B-FAF7EA4D9ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:smart_protection_server:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CD4082E4-88CC-4B48-AA49-B5EC28950D36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A SQL injection remote code execution vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw within the handling of parameters provided to wcs\\_bwlists\\_handler.php. Authentication is required in order to exploit this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por inyecci\u00f3n SQL en Trend Micro Smart Protection Server (Standalone) 3.x podr\u00eda permitir que un atacante remoto ejecute c\u00f3digo arbitrario en instalaciones vulnerables debido a un error en la gesti\u00f3n de par\u00e1metros proporcionados a wcs\\_bwlists\\_handler.php. Se requiere autenticaci\u00f3n para explotar esta vulnerabilidad."
}
],
"id": "CVE-2018-10350",
"lastModified": "2024-11-21T03:41:14.493",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-25T15:29:00.257",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/1119715"
},
{
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-421/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/1119715"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-421/"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-6237
Vulnerability from fkie_nvd - Published: 2018-05-25 15:29 - Updated: 2024-11-21 04:10
Severity ?
Summary
A vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow an unauthenticated remote attacker to manipulate the product to send a large number of specially crafted HTTP requests to potentially cause the file system to fill up, eventually causing a denial of service (DoS) situation.
References
| URL | Tags | ||
|---|---|---|---|
| security@trendmicro.com | https://success.trendmicro.com/solution/1119715 | Vendor Advisory | |
| security@trendmicro.com | https://www.tenable.com/security/research/tra-2018-10 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://success.trendmicro.com/solution/1119715 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2018-10 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | smart_protection_server | 3.0 | |
| trendmicro | smart_protection_server | 3.1 | |
| trendmicro | smart_protection_server | 3.2 | |
| trendmicro | smart_protection_server | 3.3 | |
| linux | linux_kernel | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:smart_protection_server:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E74019C0-01AD-4C0F-9ADE-099D6D7C8013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:smart_protection_server:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB62FC55-4EA1-485E-9381-C14BA2F1E074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:smart_protection_server:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4157366A-854E-4993-B08B-FAF7EA4D9ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:smart_protection_server:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CD4082E4-88CC-4B48-AA49-B5EC28950D36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow an unauthenticated remote attacker to manipulate the product to send a large number of specially crafted HTTP requests to potentially cause the file system to fill up, eventually causing a denial of service (DoS) situation."
},
{
"lang": "es",
"value": "Una vulnerabilidad en Trend Micro Smart Protection Server (Standalone) 3.x podr\u00eda permitir que un atacante remoto no autenticado manipule el producto para enviar un gran n\u00famero de peticiones HTTP especialmente manipuladas para provocar que el sistema de archivos se llene, provocando finalmente una denegaci\u00f3n de servicio (DoS)."
}
],
"id": "CVE-2018-6237",
"lastModified": "2024-11-21T04:10:21.553",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-25T15:29:00.587",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/1119715"
},
{
"source": "security@trendmicro.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2018-10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/1119715"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2018-10"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-6231
Vulnerability from fkie_nvd - Published: 2018-03-15 19:29 - Updated: 2024-11-21 04:10
Severity ?
Summary
A server auth command injection authentication bypass vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.3 and below could allow remote attackers to escalate privileges on vulnerable installations.
References
| URL | Tags | ||
|---|---|---|---|
| security@trendmicro.com | https://success.trendmicro.com/solution/1119385 | Vendor Advisory | |
| security@trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-18-218/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://success.trendmicro.com/solution/1119385 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-18-218/ | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | smart_protection_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:smart_protection_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C7D59E8-336F-44B4-8290-ED72BAB35963",
"versionEndIncluding": "3.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A server auth command injection authentication bypass vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.3 and below could allow remote attackers to escalate privileges on vulnerable installations."
},
{
"lang": "es",
"value": "Una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n y de inyecci\u00f3n de comandos auth del servidor en Trend Micro Smart Protection Server (Standalone) en versiones 3.3 y anteriores podr\u00eda permitir que los atacantes remotos escalen privilegios en instalaciones vulnerables."
}
],
"id": "CVE-2018-6231",
"lastModified": "2024-11-21T04:10:20.827",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-15T19:29:01.280",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/1119385"
},
{
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-218/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/1119385"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-218/"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-14097
Vulnerability from fkie_nvd - Published: 2018-01-19 19:29 - Updated: 2024-11-21 03:12
Severity ?
Summary
An improper access control vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to decrypt contents of a database with information that could be used to access a vulnerable system.
References
| URL | Tags | ||
|---|---|---|---|
| security@trendmicro.com | http://www.securityfocus.com/bid/102275 | Third Party Advisory, VDB Entry | |
| security@trendmicro.com | https://success.trendmicro.com/solution/1118992 | Vendor Advisory | |
| security@trendmicro.com | https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities | Exploit, Third Party Advisory | |
| security@trendmicro.com | https://www.exploit-db.com/exploits/43388/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102275 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://success.trendmicro.com/solution/1118992 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/43388/ | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | smart_protection_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:smart_protection_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20F6330B-124B-4702-BC1E-7A27F24CF5E9",
"versionEndIncluding": "3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to decrypt contents of a database with information that could be used to access a vulnerable system."
},
{
"lang": "es",
"value": "Una vulnerabilidad de control de acceso incorrecto en Trend Micro Smart Protection Server (Standalone) en versiones 3.2 y anteriores podr\u00eda permitir que un atacante descifre el contenido de una base de datos con informaci\u00f3n que podr\u00eda emplearse para acceder a un sistema vulnerable."
}
],
"id": "CVE-2017-14097",
"lastModified": "2024-11-21T03:12:08.160",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-19T19:29:00.657",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102275"
},
{
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"source": "security@trendmicro.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
},
{
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/43388/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102275"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/43388/"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-11398
Vulnerability from fkie_nvd - Published: 2018-01-19 19:29 - Updated: 2024-11-21 03:07
Severity ?
Summary
A session hijacking via log disclosure vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an unauthenticated attacker to hijack active user sessions to perform authenticated requests on a vulnerable system.
References
| URL | Tags | ||
|---|---|---|---|
| security@trendmicro.com | http://www.securityfocus.com/bid/102275 | Third Party Advisory, VDB Entry | |
| security@trendmicro.com | https://success.trendmicro.com/solution/1118992 | Vendor Advisory | |
| security@trendmicro.com | https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities | Exploit, Third Party Advisory | |
| security@trendmicro.com | https://www.exploit-db.com/exploits/43388/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102275 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://success.trendmicro.com/solution/1118992 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/43388/ | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | smart_protection_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:smart_protection_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20F6330B-124B-4702-BC1E-7A27F24CF5E9",
"versionEndIncluding": "3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A session hijacking via log disclosure vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an unauthenticated attacker to hijack active user sessions to perform authenticated requests on a vulnerable system."
},
{
"lang": "es",
"value": "Una vulnerabilidad de secuestro de sesi\u00f3n mediante divulgaci\u00f3n de logs en Trend Micro Smart Protection Server (Standalone), en versiones 3.2 y anteriores, podr\u00eda permitir que un atacante no autenticado secuestre sesiones activas de usuario para realizar peticiones autenticadas en un sistema vulnerable."
}
],
"id": "CVE-2017-11398",
"lastModified": "2024-11-21T03:07:42.340",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-19T19:29:00.280",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102275"
},
{
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"source": "security@trendmicro.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
},
{
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/43388/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102275"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/43388/"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-285"
}
],
"source": "security@trendmicro.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-534"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-14095
Vulnerability from fkie_nvd - Published: 2018-01-19 19:29 - Updated: 2024-11-21 03:12
Severity ?
Summary
A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a local file inclusion on a vulnerable system.
References
| URL | Tags | ||
|---|---|---|---|
| security@trendmicro.com | http://www.securityfocus.com/bid/102275 | Third Party Advisory, VDB Entry | |
| security@trendmicro.com | https://success.trendmicro.com/solution/1118992 | Vendor Advisory | |
| security@trendmicro.com | https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities | Exploit, Third Party Advisory | |
| security@trendmicro.com | https://www.exploit-db.com/exploits/43388/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102275 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://success.trendmicro.com/solution/1118992 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/43388/ | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | smart_protection_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:smart_protection_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20F6330B-124B-4702-BC1E-7A27F24CF5E9",
"versionEndIncluding": "3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a local file inclusion on a vulnerable system."
},
{
"lang": "es",
"value": "Una vulnerabilidad en Trend Micro Smart Protection Server (Standalone), en versiones 3.2 y anteriores, podr\u00eda permitir que un atacante realice la ejecuci\u00f3n remota de comandos mediante una inclusi\u00f3n de archivos locales en un sistema vulnerable."
}
],
"id": "CVE-2017-14095",
"lastModified": "2024-11-21T03:12:07.940",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-19T19:29:00.517",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102275"
},
{
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"source": "security@trendmicro.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
},
{
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/43388/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102275"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/43388/"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-98"
}
],
"source": "security@trendmicro.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-829"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-14094
Vulnerability from fkie_nvd - Published: 2018-01-19 19:29 - Updated: 2024-11-21 03:12
Severity ?
Summary
A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a cron job injection on a vulnerable system.
References
| URL | Tags | ||
|---|---|---|---|
| security@trendmicro.com | http://www.securityfocus.com/bid/102275 | Third Party Advisory, VDB Entry | |
| security@trendmicro.com | https://success.trendmicro.com/solution/1118992 | Vendor Advisory | |
| security@trendmicro.com | https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities | Exploit, Third Party Advisory | |
| security@trendmicro.com | https://www.exploit-db.com/exploits/43388/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102275 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://success.trendmicro.com/solution/1118992 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/43388/ | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | smart_protection_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:smart_protection_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20F6330B-124B-4702-BC1E-7A27F24CF5E9",
"versionEndIncluding": "3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a cron job injection on a vulnerable system."
},
{
"lang": "es",
"value": "Una vulnerabilidad en Trend Micro Smart Protection Server (Standalone), en versiones 3.2 y anteriores, podr\u00eda permitir que un atacante realice la ejecuci\u00f3n remota de comandos mediante una inyecci\u00f3n cron job en un sistema vulnerable."
}
],
"id": "CVE-2017-14094",
"lastModified": "2024-11-21T03:12:07.820",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-19T19:29:00.467",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102275"
},
{
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"source": "security@trendmicro.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
},
{
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/43388/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102275"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/43388/"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "security@trendmicro.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-14096
Vulnerability from fkie_nvd - Published: 2018-01-19 19:29 - Updated: 2024-11-21 03:12
Severity ?
Summary
A stored cross site scripting (XSS) vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to execute a malicious payload on vulnerable systems.
References
| URL | Tags | ||
|---|---|---|---|
| security@trendmicro.com | http://www.securityfocus.com/bid/102275 | Third Party Advisory, VDB Entry | |
| security@trendmicro.com | https://success.trendmicro.com/solution/1118992 | Vendor Advisory | |
| security@trendmicro.com | https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities | Exploit, Third Party Advisory | |
| security@trendmicro.com | https://www.exploit-db.com/exploits/43388/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102275 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://success.trendmicro.com/solution/1118992 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/43388/ | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | smart_protection_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:smart_protection_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20F6330B-124B-4702-BC1E-7A27F24CF5E9",
"versionEndIncluding": "3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stored cross site scripting (XSS) vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to execute a malicious payload on vulnerable systems."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross-Site Scripting (XSS) persistente en Trend Micro Smart Protection Server (Standalone) en versiones 3.2 y anteriores podr\u00eda permitir que un atacante ejecute una carga \u00fatil maliciosa en sistemas vulnerables."
}
],
"id": "CVE-2017-14096",
"lastModified": "2024-11-21T03:12:08.050",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-19T19:29:00.577",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102275"
},
{
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"source": "security@trendmicro.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
},
{
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/43388/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102275"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/43388/"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-11395
Vulnerability from fkie_nvd - Published: 2017-09-22 16:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3.1 and 3.2 server administration UI allows attackers with authenticated access to execute arbitrary code on vulnerable installations.
References
| URL | Tags | ||
|---|---|---|---|
| security@trendmicro.com | http://www.coresecurity.com/advisories/trend-micro-smart-protection-os-command-injection | Exploit, Third Party Advisory | |
| security@trendmicro.com | http://www.securityfocus.com/bid/100461 | Third Party Advisory, VDB Entry | |
| security@trendmicro.com | https://success.trendmicro.com/solution/1117933 | Mitigation, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.coresecurity.com/advisories/trend-micro-smart-protection-os-command-injection | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100461 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://success.trendmicro.com/solution/1117933 | Mitigation, Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | smart_protection_server | 3.1 | |
| trendmicro | smart_protection_server | 3.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:smart_protection_server:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB62FC55-4EA1-485E-9381-C14BA2F1E074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:smart_protection_server:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4157366A-854E-4993-B08B-FAF7EA4D9ED2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3.1 and 3.2 server administration UI allows attackers with authenticated access to execute arbitrary code on vulnerable installations."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n de comandos en la interfaz de usuario de administraci\u00f3n del servidor Trend Micro Smart Protection Server (Standalone) en sus versiones 3.1 y 3.2 permite que los atacantes con acceso autenticado ejecuten c\u00f3digo arbitrario en instalaciones vulnerables."
}
],
"id": "CVE-2017-11395",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-22T16:29:00.197",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://www.coresecurity.com/advisories/trend-micro-smart-protection-os-command-injection"
},
{
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100461"
},
{
"source": "security@trendmicro.com",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/1117933"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://www.coresecurity.com/advisories/trend-micro-smart-protection-os-command-injection"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100461"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/1117933"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-6267
Vulnerability from fkie_nvd - Published: 2017-01-30 22:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
SnmpUtils in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) spare_Community, (2) spare_AllowGroupIP, or (3) spare_AllowGroupNetmask parameter to admin_notification.php.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/ | Exploit, Technical Description, Third Party Advisory | |
| cve@mitre.org | https://success.trendmicro.com/solution/1114913 | Mitigation, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/ | Exploit, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://success.trendmicro.com/solution/1114913 | Mitigation, Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | smart_protection_server | 2.5 | |
| trendmicro | smart_protection_server | 2.6 | |
| trendmicro | smart_protection_server | 3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:smart_protection_server:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6EDFD747-231F-4689-BCBD-F91377B5EB1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:smart_protection_server:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CF329471-F913-4F88-B5F8-CB0C088AA321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:smart_protection_server:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E74019C0-01AD-4C0F-9ADE-099D6D7C8013",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SnmpUtils in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) spare_Community, (2) spare_AllowGroupIP, or (3) spare_AllowGroupNetmask parameter to admin_notification.php."
},
{
"lang": "es",
"value": "SnmpUtils en Trend Micro Smart Protection Server 2.5 en versiones anteriores a build 2200, 2,6 en versiones anteriores a build 2106 y 3,0 en versiones anteriores a build 1330 permite a usuarios remotos autenticados ejecutar comandos arbitrarios a trav\u00e9s de metacaracteres de shell en (1) spare_Community, (2) spare_AllowGroupIP o (3) par\u00e1metro spare_AllowGroupNetmask para admin_notification.php."
}
],
"id": "CVE-2016-6267",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-30T22:59:00.577",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/1114913"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/1114913"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-6266
Vulnerability from fkie_nvd - Published: 2017-01-30 22:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
ccca_ajaxhandler.php in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) host or (2) apikey parameter in a register action, (3) enable parameter in a save_stting action, or (4) host or (5) apikey parameter in a test_connection action.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/ | Exploit, Technical Description, Third Party Advisory | |
| cve@mitre.org | https://success.trendmicro.com/solution/1114913 | Mitigation, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/ | Exploit, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://success.trendmicro.com/solution/1114913 | Mitigation, Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | smart_protection_server | 2.5 | |
| trendmicro | smart_protection_server | 2.6 | |
| trendmicro | smart_protection_server | 3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:smart_protection_server:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6EDFD747-231F-4689-BCBD-F91377B5EB1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:smart_protection_server:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CF329471-F913-4F88-B5F8-CB0C088AA321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:smart_protection_server:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E74019C0-01AD-4C0F-9ADE-099D6D7C8013",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ccca_ajaxhandler.php in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) host or (2) apikey parameter in a register action, (3) enable parameter in a save_stting action, or (4) host or (5) apikey parameter in a test_connection action."
},
{
"lang": "es",
"value": "Ccca_ajaxhandler.php en Trend Micro Smart Protection Server 2.5 en versiones anteriores a build 2200, 2,6 en versiones anteriores a build 2106 y 3,0 en versiones anteriores a build 1330 permite a usuarios remotos autenticados ejecutar comandos arbitrarios a trav\u00e9s de metacaracteres shell en (1) el host o (2) el par\u00e1metro apikey en una acci\u00f3n de registro, (3) al habilitar un par\u00e1metro en una acci\u00f3n save_stting, o (4) el host o (5) par\u00e1metro apikey en una acci\u00f3n test_connection."
}
],
"id": "CVE-2016-6266",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-30T22:59:00.530",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/1114913"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/1114913"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-6269
Vulnerability from fkie_nvd - Published: 2017-01-30 22:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
Multiple directory traversal vulnerabilities in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allow remote attackers to read and delete arbitrary files via the tmpfname parameter to (1) log_mgt_adhocquery_ajaxhandler.php, (2) log_mgt_ajaxhandler.php, (3) log_mgt_ajaxhandler.php or (4) tf parameter to wcs_bwlists_handler.php.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/ | Exploit, Technical Description, Third Party Advisory | |
| cve@mitre.org | https://success.trendmicro.com/solution/1114913 | Mitigation, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/ | Exploit, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://success.trendmicro.com/solution/1114913 | Mitigation, Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | smart_protection_server | 2.5 | |
| trendmicro | smart_protection_server | 2.6 | |
| trendmicro | smart_protection_server | 3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:smart_protection_server:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6EDFD747-231F-4689-BCBD-F91377B5EB1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:smart_protection_server:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CF329471-F913-4F88-B5F8-CB0C088AA321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:smart_protection_server:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E74019C0-01AD-4C0F-9ADE-099D6D7C8013",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allow remote attackers to read and delete arbitrary files via the tmpfname parameter to (1) log_mgt_adhocquery_ajaxhandler.php, (2) log_mgt_ajaxhandler.php, (3) log_mgt_ajaxhandler.php or (4) tf parameter to wcs_bwlists_handler.php."
},
{
"lang": "es",
"value": "Varias vulnerabilidades de salto de directorio en Trend Micro Smart Protection Server 2.5 en versiones anteriores a build 2200, 2.6 en versiones anteriores a build 2106 y 3.0 en versiones anteriores a build 1330 permiten a atacantes remotos leer y borrar archivos arbitrarios a trav\u00e9s del par\u00e1metro tmpfname para (1) log_mgt_adhocquery_ajaxhandler.php, (2) log_mgt_ajaxhandler .php, (3) log_mgt_ajaxhandler.php o (4) del par\u00e1metro tf para wcs_bwlists_handler.php."
}
],
"id": "CVE-2016-6269",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-30T22:59:00.640",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/1114913"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/1114913"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2018-6237 (GCVE-0-2018-6237)
Vulnerability from cvelistv5 – Published: 2018-05-25 15:00 – Updated: 2024-08-05 06:01
VLAI?
Summary
A vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow an unauthenticated remote attacker to manipulate the product to send a large number of specially crafted HTTP requests to potentially cause the file system to fill up, eventually causing a denial of service (DoS) situation.
Severity ?
No CVSS data available.
CWE
- OTHER - DOS
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Smart Protection Server (Standalone) |
Affected:
3.0, 3.1, 3.2, 3.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:47.700Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2018-10"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/1119715"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Smart Protection Server (Standalone)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "3.0, 3.1, 3.2, 3.3"
}
]
}
],
"datePublic": "2018-05-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow an unauthenticated remote attacker to manipulate the product to send a large number of specially crafted HTTP requests to potentially cause the file system to fill up, eventually causing a denial of service (DoS) situation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OTHER - DOS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-26T09:57:01",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2018-10"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://success.trendmicro.com/solution/1119715"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2018-6237",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Smart Protection Server (Standalone)",
"version": {
"version_data": [
{
"version_value": "3.0, 3.1, 3.2, 3.3"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow an unauthenticated remote attacker to manipulate the product to send a large number of specially crafted HTTP requests to potentially cause the file system to fill up, eventually causing a denial of service (DoS) situation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OTHER - DOS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2018-10",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2018-10"
},
{
"name": "https://success.trendmicro.com/solution/1119715",
"refsource": "CONFIRM",
"url": "https://success.trendmicro.com/solution/1119715"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2018-6237",
"datePublished": "2018-05-25T15:00:00",
"dateReserved": "2018-01-25T00:00:00",
"dateUpdated": "2024-08-05T06:01:47.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10350 (GCVE-0-2018-10350)
Vulnerability from cvelistv5 – Published: 2018-05-25 15:00 – Updated: 2024-08-05 07:39
VLAI?
Summary
A SQL injection remote code execution vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw within the handling of parameters provided to wcs\_bwlists\_handler.php. Authentication is required in order to exploit this vulnerability.
Severity ?
No CVSS data available.
CWE
- SQL Injection RCE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Smart Protection Server (Standalone) |
Affected:
3.0, 3.1, 3.2, 3.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:39:08.170Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-421/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/1119715"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Smart Protection Server (Standalone)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "3.0, 3.1, 3.2, 3.3"
}
]
}
],
"datePublic": "2018-05-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A SQL injection remote code execution vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw within the handling of parameters provided to wcs\\_bwlists\\_handler.php. Authentication is required in order to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection RCE",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-25T16:57:01",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-421/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://success.trendmicro.com/solution/1119715"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2018-10350",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Smart Protection Server (Standalone)",
"version": {
"version_data": [
{
"version_value": "3.0, 3.1, 3.2, 3.3"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A SQL injection remote code execution vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw within the handling of parameters provided to wcs\\_bwlists\\_handler.php. Authentication is required in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection RCE"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-18-421/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-421/"
},
{
"name": "https://success.trendmicro.com/solution/1119715",
"refsource": "CONFIRM",
"url": "https://success.trendmicro.com/solution/1119715"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2018-10350",
"datePublished": "2018-05-25T15:00:00",
"dateReserved": "2018-04-24T00:00:00",
"dateUpdated": "2024-08-05T07:39:08.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6231 (GCVE-0-2018-6231)
Vulnerability from cvelistv5 – Published: 2018-03-15 19:00 – Updated: 2024-08-05 06:01
VLAI?
Summary
A server auth command injection authentication bypass vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.3 and below could allow remote attackers to escalate privileges on vulnerable installations.
Severity ?
No CVSS data available.
CWE
- OTHER - Authentication Bypass
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Smart Protection Server (Standalone) |
Affected:
3.0, 3.1, 3.2, 3.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:47.743Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-218/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/1119385"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Smart Protection Server (Standalone)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "3.0, 3.1, 3.2, 3.3"
}
]
}
],
"datePublic": "2018-03-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A server auth command injection authentication bypass vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.3 and below could allow remote attackers to escalate privileges on vulnerable installations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OTHER - Authentication Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-15T18:57:01",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-218/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://success.trendmicro.com/solution/1119385"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2018-6231",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Smart Protection Server (Standalone)",
"version": {
"version_data": [
{
"version_value": "3.0, 3.1, 3.2, 3.3"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A server auth command injection authentication bypass vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.3 and below could allow remote attackers to escalate privileges on vulnerable installations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OTHER - Authentication Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-18-218/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-218/"
},
{
"name": "https://success.trendmicro.com/solution/1119385",
"refsource": "CONFIRM",
"url": "https://success.trendmicro.com/solution/1119385"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2018-6231",
"datePublished": "2018-03-15T19:00:00",
"dateReserved": "2018-01-25T00:00:00",
"dateUpdated": "2024-08-05T06:01:47.743Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14095 (GCVE-0-2017-14095)
Vulnerability from cvelistv5 – Published: 2018-01-19 19:00 – Updated: 2024-08-05 19:20
VLAI?
Summary
A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a local file inclusion on a vulnerable system.
Severity ?
No CVSS data available.
CWE
- CWE-98 - OTHER - Improper Control of Filename for Include/Require Statement in PHP Program (CWE-98)
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Smart Protection Server (Standalone) |
Affected:
3.0, 3.1, 3.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:20:39.837Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43388",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/43388/"
},
{
"name": "102275",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102275"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Smart Protection Server (Standalone)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "3.0, 3.1, 3.2"
}
]
}
],
"datePublic": "2017-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a local file inclusion on a vulnerable system."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-98",
"description": "OTHER - Improper Control of Filename for Include/Require Statement in PHP Program (CWE-98)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-20T10:57:01",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"name": "43388",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/43388/"
},
{
"name": "102275",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102275"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2017-14095",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Smart Protection Server (Standalone)",
"version": {
"version_data": [
{
"version_value": "3.0, 3.1, 3.2"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a local file inclusion on a vulnerable system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OTHER - Improper Control of Filename for Include/Require Statement in PHP Program (CWE-98)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43388",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43388/"
},
{
"name": "102275",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102275"
},
{
"name": "https://success.trendmicro.com/solution/1118992",
"refsource": "CONFIRM",
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"name": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities",
"refsource": "MISC",
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2017-14095",
"datePublished": "2018-01-19T19:00:00",
"dateReserved": "2017-08-31T00:00:00",
"dateUpdated": "2024-08-05T19:20:39.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-11398 (GCVE-0-2017-11398)
Vulnerability from cvelistv5 – Published: 2018-01-19 19:00 – Updated: 2024-08-05 18:05
VLAI?
Summary
A session hijacking via log disclosure vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an unauthenticated attacker to hijack active user sessions to perform authenticated requests on a vulnerable system.
Severity ?
No CVSS data available.
CWE
- CWE-285 - OTHER - Information Exposure Through Log Files (CWE-285)
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Smart Protection Server (Standalone) |
Affected:
3.0, 3.1, 3.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:05:30.602Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43388",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/43388/"
},
{
"name": "102275",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102275"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Smart Protection Server (Standalone)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "3.0, 3.1, 3.2"
}
]
}
],
"datePublic": "2017-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A session hijacking via log disclosure vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an unauthenticated attacker to hijack active user sessions to perform authenticated requests on a vulnerable system."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "OTHER - Information Exposure Through Log Files (CWE-285)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-20T10:57:01",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"name": "43388",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/43388/"
},
{
"name": "102275",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102275"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2017-11398",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Smart Protection Server (Standalone)",
"version": {
"version_data": [
{
"version_value": "3.0, 3.1, 3.2"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A session hijacking via log disclosure vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an unauthenticated attacker to hijack active user sessions to perform authenticated requests on a vulnerable system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OTHER - Information Exposure Through Log Files (CWE-285)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43388",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43388/"
},
{
"name": "102275",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102275"
},
{
"name": "https://success.trendmicro.com/solution/1118992",
"refsource": "CONFIRM",
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"name": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities",
"refsource": "MISC",
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2017-11398",
"datePublished": "2018-01-19T19:00:00",
"dateReserved": "2017-07-17T00:00:00",
"dateUpdated": "2024-08-05T18:05:30.602Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14096 (GCVE-0-2017-14096)
Vulnerability from cvelistv5 – Published: 2018-01-19 19:00 – Updated: 2024-08-05 19:20
VLAI?
Summary
A stored cross site scripting (XSS) vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to execute a malicious payload on vulnerable systems.
Severity ?
No CVSS data available.
CWE
- Cross Site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Smart Protection Server (Standalone) |
Affected:
3.0, 3.1, 3.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:20:39.889Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43388",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/43388/"
},
{
"name": "102275",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102275"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Smart Protection Server (Standalone)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "3.0, 3.1, 3.2"
}
]
}
],
"datePublic": "2017-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A stored cross site scripting (XSS) vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to execute a malicious payload on vulnerable systems."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross Site Scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-20T10:57:01",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"name": "43388",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/43388/"
},
{
"name": "102275",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102275"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2017-14096",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Smart Protection Server (Standalone)",
"version": {
"version_data": [
{
"version_value": "3.0, 3.1, 3.2"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stored cross site scripting (XSS) vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to execute a malicious payload on vulnerable systems."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43388",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43388/"
},
{
"name": "102275",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102275"
},
{
"name": "https://success.trendmicro.com/solution/1118992",
"refsource": "CONFIRM",
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"name": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities",
"refsource": "MISC",
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2017-14096",
"datePublished": "2018-01-19T19:00:00",
"dateReserved": "2017-08-31T00:00:00",
"dateUpdated": "2024-08-05T19:20:39.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14097 (GCVE-0-2017-14097)
Vulnerability from cvelistv5 – Published: 2018-01-19 19:00 – Updated: 2024-08-05 19:20
VLAI?
Summary
An improper access control vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to decrypt contents of a database with information that could be used to access a vulnerable system.
Severity ?
No CVSS data available.
CWE
- Incorrect Access Control
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Smart Protection Server (Standalone) |
Affected:
3.0, 3.1, 3.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:20:39.884Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43388",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/43388/"
},
{
"name": "102275",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102275"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Smart Protection Server (Standalone)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "3.0, 3.1, 3.2"
}
]
}
],
"datePublic": "2017-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to decrypt contents of a database with information that could be used to access a vulnerable system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-20T10:57:01",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"name": "43388",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/43388/"
},
{
"name": "102275",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102275"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2017-14097",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Smart Protection Server (Standalone)",
"version": {
"version_data": [
{
"version_value": "3.0, 3.1, 3.2"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper access control vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to decrypt contents of a database with information that could be used to access a vulnerable system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43388",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43388/"
},
{
"name": "102275",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102275"
},
{
"name": "https://success.trendmicro.com/solution/1118992",
"refsource": "CONFIRM",
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"name": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities",
"refsource": "MISC",
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2017-14097",
"datePublished": "2018-01-19T19:00:00",
"dateReserved": "2017-08-31T00:00:00",
"dateUpdated": "2024-08-05T19:20:39.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14094 (GCVE-0-2017-14094)
Vulnerability from cvelistv5 – Published: 2018-01-19 19:00 – Updated: 2024-08-05 19:13
VLAI?
Summary
A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a cron job injection on a vulnerable system.
Severity ?
No CVSS data available.
CWE
- CWE-78 - OTHER - Improper Neutralization of Special Elements used in an OS Command (CWE-78)
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Smart Protection Server (Standalone) |
Affected:
3.0, 3.1, 3.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:13:41.885Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43388",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/43388/"
},
{
"name": "102275",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102275"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Smart Protection Server (Standalone)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "3.0, 3.1, 3.2"
}
]
}
],
"datePublic": "2018-01-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a cron job injection on a vulnerable system."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OTHER - Improper Neutralization of Special Elements used in an OS Command (CWE-78)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-20T10:57:01",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"name": "43388",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/43388/"
},
{
"name": "102275",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102275"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2017-14094",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Smart Protection Server (Standalone)",
"version": {
"version_data": [
{
"version_value": "3.0, 3.1, 3.2"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a cron job injection on a vulnerable system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OTHER - Improper Neutralization of Special Elements used in an OS Command (CWE-78)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43388",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43388/"
},
{
"name": "102275",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102275"
},
{
"name": "https://success.trendmicro.com/solution/1118992",
"refsource": "CONFIRM",
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"name": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities",
"refsource": "MISC",
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2017-14094",
"datePublished": "2018-01-19T19:00:00",
"dateReserved": "2017-08-31T00:00:00",
"dateUpdated": "2024-08-05T19:13:41.885Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-11395 (GCVE-0-2017-11395)
Vulnerability from cvelistv5 – Published: 2017-09-22 16:00 – Updated: 2024-09-16 23:36
VLAI?
Summary
Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3.1 and 3.2 server administration UI allows attackers with authenticated access to execute arbitrary code on vulnerable installations.
Severity ?
No CVSS data available.
CWE
- OS Command Injection
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Smart Protection Server (Standalone) |
Affected:
3.1
Affected: 3.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:05:30.686Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.coresecurity.com/advisories/trend-micro-smart-protection-os-command-injection"
},
{
"name": "100461",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100461"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/1117933"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Smart Protection Server (Standalone)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "3.1"
},
{
"status": "affected",
"version": "3.2"
}
]
}
],
"datePublic": "2017-08-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3.1 and 3.2 server administration UI allows attackers with authenticated access to execute arbitrary code on vulnerable installations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-23T09:57:01",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.coresecurity.com/advisories/trend-micro-smart-protection-os-command-injection"
},
{
"name": "100461",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100461"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://success.trendmicro.com/solution/1117933"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"DATE_PUBLIC": "2017-08-23T00:00:00",
"ID": "CVE-2017-11395",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Smart Protection Server (Standalone)",
"version": {
"version_data": [
{
"version_value": "3.1"
},
{
"version_value": "3.2"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3.1 and 3.2 server administration UI allows attackers with authenticated access to execute arbitrary code on vulnerable installations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.coresecurity.com/advisories/trend-micro-smart-protection-os-command-injection",
"refsource": "MISC",
"url": "http://www.coresecurity.com/advisories/trend-micro-smart-protection-os-command-injection"
},
{
"name": "100461",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100461"
},
{
"name": "https://success.trendmicro.com/solution/1117933",
"refsource": "CONFIRM",
"url": "https://success.trendmicro.com/solution/1117933"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2017-11395",
"datePublished": "2017-09-22T16:00:00Z",
"dateReserved": "2017-07-17T00:00:00",
"dateUpdated": "2024-09-16T23:36:43.518Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6237 (GCVE-0-2018-6237)
Vulnerability from nvd – Published: 2018-05-25 15:00 – Updated: 2024-08-05 06:01
VLAI?
Summary
A vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow an unauthenticated remote attacker to manipulate the product to send a large number of specially crafted HTTP requests to potentially cause the file system to fill up, eventually causing a denial of service (DoS) situation.
Severity ?
No CVSS data available.
CWE
- OTHER - DOS
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Smart Protection Server (Standalone) |
Affected:
3.0, 3.1, 3.2, 3.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:47.700Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2018-10"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/1119715"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Smart Protection Server (Standalone)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "3.0, 3.1, 3.2, 3.3"
}
]
}
],
"datePublic": "2018-05-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow an unauthenticated remote attacker to manipulate the product to send a large number of specially crafted HTTP requests to potentially cause the file system to fill up, eventually causing a denial of service (DoS) situation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OTHER - DOS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-26T09:57:01",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2018-10"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://success.trendmicro.com/solution/1119715"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2018-6237",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Smart Protection Server (Standalone)",
"version": {
"version_data": [
{
"version_value": "3.0, 3.1, 3.2, 3.3"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow an unauthenticated remote attacker to manipulate the product to send a large number of specially crafted HTTP requests to potentially cause the file system to fill up, eventually causing a denial of service (DoS) situation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OTHER - DOS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2018-10",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2018-10"
},
{
"name": "https://success.trendmicro.com/solution/1119715",
"refsource": "CONFIRM",
"url": "https://success.trendmicro.com/solution/1119715"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2018-6237",
"datePublished": "2018-05-25T15:00:00",
"dateReserved": "2018-01-25T00:00:00",
"dateUpdated": "2024-08-05T06:01:47.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10350 (GCVE-0-2018-10350)
Vulnerability from nvd – Published: 2018-05-25 15:00 – Updated: 2024-08-05 07:39
VLAI?
Summary
A SQL injection remote code execution vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw within the handling of parameters provided to wcs\_bwlists\_handler.php. Authentication is required in order to exploit this vulnerability.
Severity ?
No CVSS data available.
CWE
- SQL Injection RCE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Smart Protection Server (Standalone) |
Affected:
3.0, 3.1, 3.2, 3.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:39:08.170Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-421/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/1119715"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Smart Protection Server (Standalone)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "3.0, 3.1, 3.2, 3.3"
}
]
}
],
"datePublic": "2018-05-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A SQL injection remote code execution vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw within the handling of parameters provided to wcs\\_bwlists\\_handler.php. Authentication is required in order to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection RCE",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-25T16:57:01",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-421/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://success.trendmicro.com/solution/1119715"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2018-10350",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Smart Protection Server (Standalone)",
"version": {
"version_data": [
{
"version_value": "3.0, 3.1, 3.2, 3.3"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A SQL injection remote code execution vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw within the handling of parameters provided to wcs\\_bwlists\\_handler.php. Authentication is required in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection RCE"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-18-421/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-421/"
},
{
"name": "https://success.trendmicro.com/solution/1119715",
"refsource": "CONFIRM",
"url": "https://success.trendmicro.com/solution/1119715"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2018-10350",
"datePublished": "2018-05-25T15:00:00",
"dateReserved": "2018-04-24T00:00:00",
"dateUpdated": "2024-08-05T07:39:08.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6231 (GCVE-0-2018-6231)
Vulnerability from nvd – Published: 2018-03-15 19:00 – Updated: 2024-08-05 06:01
VLAI?
Summary
A server auth command injection authentication bypass vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.3 and below could allow remote attackers to escalate privileges on vulnerable installations.
Severity ?
No CVSS data available.
CWE
- OTHER - Authentication Bypass
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Smart Protection Server (Standalone) |
Affected:
3.0, 3.1, 3.2, 3.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:47.743Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-218/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/1119385"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Smart Protection Server (Standalone)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "3.0, 3.1, 3.2, 3.3"
}
]
}
],
"datePublic": "2018-03-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A server auth command injection authentication bypass vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.3 and below could allow remote attackers to escalate privileges on vulnerable installations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OTHER - Authentication Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-15T18:57:01",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-218/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://success.trendmicro.com/solution/1119385"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2018-6231",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Smart Protection Server (Standalone)",
"version": {
"version_data": [
{
"version_value": "3.0, 3.1, 3.2, 3.3"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A server auth command injection authentication bypass vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.3 and below could allow remote attackers to escalate privileges on vulnerable installations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OTHER - Authentication Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-18-218/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-218/"
},
{
"name": "https://success.trendmicro.com/solution/1119385",
"refsource": "CONFIRM",
"url": "https://success.trendmicro.com/solution/1119385"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2018-6231",
"datePublished": "2018-03-15T19:00:00",
"dateReserved": "2018-01-25T00:00:00",
"dateUpdated": "2024-08-05T06:01:47.743Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14095 (GCVE-0-2017-14095)
Vulnerability from nvd – Published: 2018-01-19 19:00 – Updated: 2024-08-05 19:20
VLAI?
Summary
A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a local file inclusion on a vulnerable system.
Severity ?
No CVSS data available.
CWE
- CWE-98 - OTHER - Improper Control of Filename for Include/Require Statement in PHP Program (CWE-98)
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Smart Protection Server (Standalone) |
Affected:
3.0, 3.1, 3.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:20:39.837Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43388",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/43388/"
},
{
"name": "102275",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102275"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Smart Protection Server (Standalone)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "3.0, 3.1, 3.2"
}
]
}
],
"datePublic": "2017-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a local file inclusion on a vulnerable system."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-98",
"description": "OTHER - Improper Control of Filename for Include/Require Statement in PHP Program (CWE-98)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-20T10:57:01",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"name": "43388",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/43388/"
},
{
"name": "102275",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102275"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2017-14095",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Smart Protection Server (Standalone)",
"version": {
"version_data": [
{
"version_value": "3.0, 3.1, 3.2"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a local file inclusion on a vulnerable system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OTHER - Improper Control of Filename for Include/Require Statement in PHP Program (CWE-98)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43388",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43388/"
},
{
"name": "102275",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102275"
},
{
"name": "https://success.trendmicro.com/solution/1118992",
"refsource": "CONFIRM",
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"name": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities",
"refsource": "MISC",
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2017-14095",
"datePublished": "2018-01-19T19:00:00",
"dateReserved": "2017-08-31T00:00:00",
"dateUpdated": "2024-08-05T19:20:39.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-11398 (GCVE-0-2017-11398)
Vulnerability from nvd – Published: 2018-01-19 19:00 – Updated: 2024-08-05 18:05
VLAI?
Summary
A session hijacking via log disclosure vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an unauthenticated attacker to hijack active user sessions to perform authenticated requests on a vulnerable system.
Severity ?
No CVSS data available.
CWE
- CWE-285 - OTHER - Information Exposure Through Log Files (CWE-285)
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Smart Protection Server (Standalone) |
Affected:
3.0, 3.1, 3.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:05:30.602Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43388",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/43388/"
},
{
"name": "102275",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102275"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Smart Protection Server (Standalone)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "3.0, 3.1, 3.2"
}
]
}
],
"datePublic": "2017-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A session hijacking via log disclosure vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an unauthenticated attacker to hijack active user sessions to perform authenticated requests on a vulnerable system."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "OTHER - Information Exposure Through Log Files (CWE-285)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-20T10:57:01",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"name": "43388",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/43388/"
},
{
"name": "102275",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102275"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2017-11398",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Smart Protection Server (Standalone)",
"version": {
"version_data": [
{
"version_value": "3.0, 3.1, 3.2"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A session hijacking via log disclosure vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an unauthenticated attacker to hijack active user sessions to perform authenticated requests on a vulnerable system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OTHER - Information Exposure Through Log Files (CWE-285)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43388",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43388/"
},
{
"name": "102275",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102275"
},
{
"name": "https://success.trendmicro.com/solution/1118992",
"refsource": "CONFIRM",
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"name": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities",
"refsource": "MISC",
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2017-11398",
"datePublished": "2018-01-19T19:00:00",
"dateReserved": "2017-07-17T00:00:00",
"dateUpdated": "2024-08-05T18:05:30.602Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14096 (GCVE-0-2017-14096)
Vulnerability from nvd – Published: 2018-01-19 19:00 – Updated: 2024-08-05 19:20
VLAI?
Summary
A stored cross site scripting (XSS) vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to execute a malicious payload on vulnerable systems.
Severity ?
No CVSS data available.
CWE
- Cross Site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Smart Protection Server (Standalone) |
Affected:
3.0, 3.1, 3.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:20:39.889Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43388",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/43388/"
},
{
"name": "102275",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102275"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Smart Protection Server (Standalone)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "3.0, 3.1, 3.2"
}
]
}
],
"datePublic": "2017-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A stored cross site scripting (XSS) vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to execute a malicious payload on vulnerable systems."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross Site Scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-20T10:57:01",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"name": "43388",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/43388/"
},
{
"name": "102275",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102275"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2017-14096",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Smart Protection Server (Standalone)",
"version": {
"version_data": [
{
"version_value": "3.0, 3.1, 3.2"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stored cross site scripting (XSS) vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to execute a malicious payload on vulnerable systems."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43388",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43388/"
},
{
"name": "102275",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102275"
},
{
"name": "https://success.trendmicro.com/solution/1118992",
"refsource": "CONFIRM",
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"name": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities",
"refsource": "MISC",
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2017-14096",
"datePublished": "2018-01-19T19:00:00",
"dateReserved": "2017-08-31T00:00:00",
"dateUpdated": "2024-08-05T19:20:39.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14097 (GCVE-0-2017-14097)
Vulnerability from nvd – Published: 2018-01-19 19:00 – Updated: 2024-08-05 19:20
VLAI?
Summary
An improper access control vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to decrypt contents of a database with information that could be used to access a vulnerable system.
Severity ?
No CVSS data available.
CWE
- Incorrect Access Control
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Smart Protection Server (Standalone) |
Affected:
3.0, 3.1, 3.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:20:39.884Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43388",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/43388/"
},
{
"name": "102275",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102275"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Smart Protection Server (Standalone)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "3.0, 3.1, 3.2"
}
]
}
],
"datePublic": "2017-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to decrypt contents of a database with information that could be used to access a vulnerable system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-20T10:57:01",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"name": "43388",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/43388/"
},
{
"name": "102275",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102275"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2017-14097",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Smart Protection Server (Standalone)",
"version": {
"version_data": [
{
"version_value": "3.0, 3.1, 3.2"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper access control vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to decrypt contents of a database with information that could be used to access a vulnerable system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43388",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43388/"
},
{
"name": "102275",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102275"
},
{
"name": "https://success.trendmicro.com/solution/1118992",
"refsource": "CONFIRM",
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"name": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities",
"refsource": "MISC",
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2017-14097",
"datePublished": "2018-01-19T19:00:00",
"dateReserved": "2017-08-31T00:00:00",
"dateUpdated": "2024-08-05T19:20:39.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14094 (GCVE-0-2017-14094)
Vulnerability from nvd – Published: 2018-01-19 19:00 – Updated: 2024-08-05 19:13
VLAI?
Summary
A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a cron job injection on a vulnerable system.
Severity ?
No CVSS data available.
CWE
- CWE-78 - OTHER - Improper Neutralization of Special Elements used in an OS Command (CWE-78)
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Smart Protection Server (Standalone) |
Affected:
3.0, 3.1, 3.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:13:41.885Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43388",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/43388/"
},
{
"name": "102275",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102275"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Smart Protection Server (Standalone)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "3.0, 3.1, 3.2"
}
]
}
],
"datePublic": "2018-01-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a cron job injection on a vulnerable system."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OTHER - Improper Neutralization of Special Elements used in an OS Command (CWE-78)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-20T10:57:01",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"name": "43388",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/43388/"
},
{
"name": "102275",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102275"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2017-14094",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Smart Protection Server (Standalone)",
"version": {
"version_data": [
{
"version_value": "3.0, 3.1, 3.2"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a cron job injection on a vulnerable system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OTHER - Improper Neutralization of Special Elements used in an OS Command (CWE-78)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43388",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43388/"
},
{
"name": "102275",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102275"
},
{
"name": "https://success.trendmicro.com/solution/1118992",
"refsource": "CONFIRM",
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"name": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities",
"refsource": "MISC",
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2017-14094",
"datePublished": "2018-01-19T19:00:00",
"dateReserved": "2017-08-31T00:00:00",
"dateUpdated": "2024-08-05T19:13:41.885Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-11395 (GCVE-0-2017-11395)
Vulnerability from nvd – Published: 2017-09-22 16:00 – Updated: 2024-09-16 23:36
VLAI?
Summary
Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3.1 and 3.2 server administration UI allows attackers with authenticated access to execute arbitrary code on vulnerable installations.
Severity ?
No CVSS data available.
CWE
- OS Command Injection
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Smart Protection Server (Standalone) |
Affected:
3.1
Affected: 3.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:05:30.686Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.coresecurity.com/advisories/trend-micro-smart-protection-os-command-injection"
},
{
"name": "100461",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100461"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/1117933"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Smart Protection Server (Standalone)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "3.1"
},
{
"status": "affected",
"version": "3.2"
}
]
}
],
"datePublic": "2017-08-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3.1 and 3.2 server administration UI allows attackers with authenticated access to execute arbitrary code on vulnerable installations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-23T09:57:01",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.coresecurity.com/advisories/trend-micro-smart-protection-os-command-injection"
},
{
"name": "100461",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100461"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://success.trendmicro.com/solution/1117933"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"DATE_PUBLIC": "2017-08-23T00:00:00",
"ID": "CVE-2017-11395",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Smart Protection Server (Standalone)",
"version": {
"version_data": [
{
"version_value": "3.1"
},
{
"version_value": "3.2"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3.1 and 3.2 server administration UI allows attackers with authenticated access to execute arbitrary code on vulnerable installations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.coresecurity.com/advisories/trend-micro-smart-protection-os-command-injection",
"refsource": "MISC",
"url": "http://www.coresecurity.com/advisories/trend-micro-smart-protection-os-command-injection"
},
{
"name": "100461",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100461"
},
{
"name": "https://success.trendmicro.com/solution/1117933",
"refsource": "CONFIRM",
"url": "https://success.trendmicro.com/solution/1117933"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2017-11395",
"datePublished": "2017-09-22T16:00:00Z",
"dateReserved": "2017-07-17T00:00:00",
"dateUpdated": "2024-09-16T23:36:43.518Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}