var-201604-0114
Vulnerability from variot
The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. Trend Micro is a global leader in network security software and services, leading the trend from desktop anti-virus to web server and gateway anti-virus with superior forward-looking and technological innovation. It demonstrates the forward-looking trend of Trend Micro with the unique service concept. And leadership. There is a default password management software installed when the user installs Trend Micro anti-virus software on the Windows version, and it is self-starting. There is a loophole in the execution code when multiple http rpc ports of node.js process API requests in the java environment. Allows an attacker to exploit this vulnerability to execute arbitrary code. The program helps users easily access all of their online accounts, and supports the simultaneous management of online credentials across multiple devices in the cloud and more. Attackers can use these vulnerabilities to execute arbitrary commands in the context of an affected application or to leak sensitive information. It has proved the industry's foresight with unique service concepts And leadership
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201604-0114",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "password manager",
"scope": null,
"trust": 2.0,
"vendor": "trend micro",
"version": null
},
{
"model": "password manager",
"scope": "eq",
"trust": 1.0,
"vendor": "trendmicro",
"version": null
},
{
"model": "trend micro",
"scope": null,
"trust": 0.6,
"vendor": "trend micro",
"version": null
},
{
"model": "password manager",
"scope": "eq",
"trust": 0.6,
"vendor": "trend micro",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "password manager",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "trend micro",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e06590a6-1e3b-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "215a3f74-1e4d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "bc0981ba-1e4d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02208"
},
{
"db": "CNVD",
"id": "CNVD-2016-00272"
},
{
"db": "CNVD",
"id": "CNVD-2016-00228"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002096"
},
{
"db": "NVD",
"id": "CVE-2016-3987"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-205"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:password_manager:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-3987"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tavis Ormandy of Google.",
"sources": [
{
"db": "BID",
"id": "80260"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-276"
}
],
"trust": 0.9
},
"cve": "CVE-2016-3987",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-3987",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-02208",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-00272",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2016-00228",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "e06590a6-1e3b-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "215a3f74-1e4d-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "bc0981ba-1e4d-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-3987",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-3987",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2016-02208",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2016-00272",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2016-00228",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201604-205",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e06590a6-1e3b-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "215a3f74-1e4d-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "bc0981ba-1e4d-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-3987",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e06590a6-1e3b-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "215a3f74-1e4d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "bc0981ba-1e4d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02208"
},
{
"db": "CNVD",
"id": "CNVD-2016-00272"
},
{
"db": "CNVD",
"id": "CNVD-2016-00228"
},
{
"db": "VULMON",
"id": "CVE-2016-3987"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002096"
},
{
"db": "NVD",
"id": "CVE-2016-3987"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-205"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. Trend Micro is a global leader in network security software and services, leading the trend from desktop anti-virus to web server and gateway anti-virus with superior forward-looking and technological innovation. It demonstrates the forward-looking trend of Trend Micro with the unique service concept. And leadership. There is a default password management software installed when the user installs Trend Micro anti-virus software on the Windows version, and it is self-starting. There is a loophole in the execution code when multiple http rpc ports of node.js process API requests in the java environment. Allows an attacker to exploit this vulnerability to execute arbitrary code. The program helps users easily access all of their online accounts, and supports the simultaneous management of online credentials across multiple devices in the cloud and more. Attackers can use these vulnerabilities to execute arbitrary commands in the context of an affected application or to leak sensitive information. It has proved the industry\u0027s foresight with unique service concepts And leadership",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-3987"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002096"
},
{
"db": "CNVD",
"id": "CNVD-2016-02208"
},
{
"db": "CNVD",
"id": "CNVD-2016-00272"
},
{
"db": "CNVD",
"id": "CNVD-2016-00228"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-276"
},
{
"db": "BID",
"id": "80260"
},
{
"db": "IVD",
"id": "e06590a6-1e3b-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "215a3f74-1e4d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "bc0981ba-1e4d-11e6-abef-000c29c66e3d"
},
{
"db": "VULMON",
"id": "CVE-2016-3987"
}
],
"trust": 4.68
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=39218",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-3987"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-3987",
"trust": 3.8
},
{
"db": "EXPLOIT-DB",
"id": "39218",
"trust": 2.9
},
{
"db": "PACKETSTORM",
"id": "135222",
"trust": 2.3
},
{
"db": "SECTRACK",
"id": "1034662",
"trust": 1.7
},
{
"db": "BID",
"id": "80260",
"trust": 1.6
},
{
"db": "EXPLOITDB",
"id": "39218",
"trust": 1.2
},
{
"db": "CNNVD",
"id": "CNNVD-201604-205",
"trust": 1.0
},
{
"db": "CNVD",
"id": "CNVD-2016-02208",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2016-00272",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2016-00228",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002096",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201601-276",
"trust": 0.6
},
{
"db": "IVD",
"id": "E06590A6-1E3B-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "215A3F74-1E4D-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "BC0981BA-1E4D-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2016-3987",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e06590a6-1e3b-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "215a3f74-1e4d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "bc0981ba-1e4d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02208"
},
{
"db": "CNVD",
"id": "CNVD-2016-00272"
},
{
"db": "CNVD",
"id": "CNVD-2016-00228"
},
{
"db": "VULMON",
"id": "CVE-2016-3987"
},
{
"db": "BID",
"id": "80260"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002096"
},
{
"db": "NVD",
"id": "CVE-2016-3987"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-276"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-205"
}
]
},
"id": "VAR-201604-0114",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e06590a6-1e3b-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "215a3f74-1e4d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "bc0981ba-1e4d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02208"
},
{
"db": "CNVD",
"id": "CNVD-2016-00272"
},
{
"db": "CNVD",
"id": "CNVD-2016-00228"
}
],
"trust": 0.24
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 2.4
}
],
"sources": [
{
"db": "IVD",
"id": "e06590a6-1e3b-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "215a3f74-1e4d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "bc0981ba-1e4d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02208"
},
{
"db": "CNVD",
"id": "CNVD-2016-00272"
},
{
"db": "CNVD",
"id": "CNVD-2016-00228"
}
]
},
"last_update_date": "2023-12-18T12:30:03.799000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Issue 693",
"trust": 0.8,
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=693\u0026redir=1"
},
{
"title": "Information on Reported Vulnerabilities in Trend Micro Password Manager",
"trust": 0.8,
"url": "http://blog.trendmicro.com/information-on-reported-vulnerabilities-in-trend-micro-password-manager/"
},
{
"title": "Trend Micro Password Manager HTTP server arbitrary command execution vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/74080"
},
{
"title": "Trend Micro Password Manager has multiple vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/70202"
},
{
"title": "TrendMicro node.js http server arbitrary command execution vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/70044"
},
{
"title": "Trend Micro Password Manager HTTP Repair measures for server arbitrary command execution vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=60893"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02208"
},
{
"db": "CNVD",
"id": "CNVD-2016-00272"
},
{
"db": "CNVD",
"id": "CNVD-2016-00228"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002096"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-205"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-284",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002096"
},
{
"db": "NVD",
"id": "CVE-2016-3987"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://www.exploit-db.com/exploits/39218/"
},
{
"trust": 2.3,
"url": "http://blog.trendmicro.com/information-on-reported-vulnerabilities-in-trend-micro-password-manager/"
},
{
"trust": 2.3,
"url": "https://code.google.com/p/google-security-research/issues/detail?id=693"
},
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/135222/trendmicro-node.js-http-server-command-execution.html"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1034662"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/80260"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3987"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3987"
},
{
"trust": 0.3,
"url": "http://www.trend.com"
},
{
"trust": 0.3,
"url": "http://www.trendmicro.com/us/home/products/software/password-manager/index.html"
},
{
"trust": 0.3,
"url": "https://code.google.com/p/google-security-research/issues/detail?id=693\u0026can=1\u0026sort=-id"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/284.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02208"
},
{
"db": "CNVD",
"id": "CNVD-2016-00272"
},
{
"db": "CNVD",
"id": "CNVD-2016-00228"
},
{
"db": "VULMON",
"id": "CVE-2016-3987"
},
{
"db": "BID",
"id": "80260"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002096"
},
{
"db": "NVD",
"id": "CVE-2016-3987"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-276"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-205"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e06590a6-1e3b-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "215a3f74-1e4d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "bc0981ba-1e4d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02208"
},
{
"db": "CNVD",
"id": "CNVD-2016-00272"
},
{
"db": "CNVD",
"id": "CNVD-2016-00228"
},
{
"db": "VULMON",
"id": "CVE-2016-3987"
},
{
"db": "BID",
"id": "80260"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002096"
},
{
"db": "NVD",
"id": "CVE-2016-3987"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-276"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-205"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-15T00:00:00",
"db": "IVD",
"id": "e06590a6-1e3b-11e6-abef-000c29c66e3d"
},
{
"date": "2016-01-19T00:00:00",
"db": "IVD",
"id": "215a3f74-1e4d-11e6-abef-000c29c66e3d"
},
{
"date": "2016-01-15T00:00:00",
"db": "IVD",
"id": "bc0981ba-1e4d-11e6-abef-000c29c66e3d"
},
{
"date": "2016-04-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-02208"
},
{
"date": "2016-01-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00272"
},
{
"date": "2016-01-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00228"
},
{
"date": "2016-04-12T00:00:00",
"db": "VULMON",
"id": "CVE-2016-3987"
},
{
"date": "2016-01-11T00:00:00",
"db": "BID",
"id": "80260"
},
{
"date": "2016-04-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002096"
},
{
"date": "2016-04-12T02:00:10.430000",
"db": "NVD",
"id": "CVE-2016-3987"
},
{
"date": "2016-01-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201601-276"
},
{
"date": "2016-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-205"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-02208"
},
{
"date": "2016-01-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00272"
},
{
"date": "2016-01-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00228"
},
{
"date": "2016-04-18T00:00:00",
"db": "VULMON",
"id": "CVE-2016-3987"
},
{
"date": "2016-07-06T14:23:00",
"db": "BID",
"id": "80260"
},
{
"date": "2016-04-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002096"
},
{
"date": "2021-09-09T17:40:45.163000",
"db": "NVD",
"id": "CVE-2016-3987"
},
{
"date": "2016-01-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201601-276"
},
{
"date": "2021-09-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-205"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201601-276"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-205"
}
],
"trust": 1.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Trend Micro Password Manager HTTP Server arbitrary command execution vulnerability",
"sources": [
{
"db": "IVD",
"id": "e06590a6-1e3b-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02208"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-205"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201601-276"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.