VAR-201604-0114
Vulnerability from variot - Updated: 2023-12-18 12:30The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. Trend Micro is a global leader in network security software and services, leading the trend from desktop anti-virus to web server and gateway anti-virus with superior forward-looking and technological innovation. It demonstrates the forward-looking trend of Trend Micro with the unique service concept. And leadership. There is a default password management software installed when the user installs Trend Micro anti-virus software on the Windows version, and it is self-starting. There is a loophole in the execution code when multiple http rpc ports of node.js process API requests in the java environment. Allows an attacker to exploit this vulnerability to execute arbitrary code. The program helps users easily access all of their online accounts, and supports the simultaneous management of online credentials across multiple devices in the cloud and more. Attackers can use these vulnerabilities to execute arbitrary commands in the context of an affected application or to leak sensitive information. It has proved the industry's foresight with unique service concepts And leadership
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201604-0114",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "password manager",
"scope": null,
"trust": 2.0,
"vendor": "trend micro",
"version": null
},
{
"model": "password manager",
"scope": "eq",
"trust": 1.0,
"vendor": "trendmicro",
"version": null
},
{
"model": "trend micro",
"scope": null,
"trust": 0.6,
"vendor": "trend micro",
"version": null
},
{
"model": "password manager",
"scope": "eq",
"trust": 0.6,
"vendor": "trend micro",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "password manager",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "trend micro",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e06590a6-1e3b-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "215a3f74-1e4d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "bc0981ba-1e4d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02208"
},
{
"db": "CNVD",
"id": "CNVD-2016-00272"
},
{
"db": "CNVD",
"id": "CNVD-2016-00228"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002096"
},
{
"db": "NVD",
"id": "CVE-2016-3987"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-205"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:password_manager:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-3987"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tavis Ormandy of Google.",
"sources": [
{
"db": "BID",
"id": "80260"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-276"
}
],
"trust": 0.9
},
"cve": "CVE-2016-3987",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-3987",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-02208",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-00272",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2016-00228",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "e06590a6-1e3b-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "215a3f74-1e4d-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "bc0981ba-1e4d-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-3987",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-3987",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2016-02208",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2016-00272",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2016-00228",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201604-205",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e06590a6-1e3b-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "215a3f74-1e4d-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "bc0981ba-1e4d-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-3987",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e06590a6-1e3b-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "215a3f74-1e4d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "bc0981ba-1e4d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02208"
},
{
"db": "CNVD",
"id": "CNVD-2016-00272"
},
{
"db": "CNVD",
"id": "CNVD-2016-00228"
},
{
"db": "VULMON",
"id": "CVE-2016-3987"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002096"
},
{
"db": "NVD",
"id": "CVE-2016-3987"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-205"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. Trend Micro is a global leader in network security software and services, leading the trend from desktop anti-virus to web server and gateway anti-virus with superior forward-looking and technological innovation. It demonstrates the forward-looking trend of Trend Micro with the unique service concept. And leadership. There is a default password management software installed when the user installs Trend Micro anti-virus software on the Windows version, and it is self-starting. There is a loophole in the execution code when multiple http rpc ports of node.js process API requests in the java environment. Allows an attacker to exploit this vulnerability to execute arbitrary code. The program helps users easily access all of their online accounts, and supports the simultaneous management of online credentials across multiple devices in the cloud and more. Attackers can use these vulnerabilities to execute arbitrary commands in the context of an affected application or to leak sensitive information. It has proved the industry\u0027s foresight with unique service concepts And leadership",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-3987"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002096"
},
{
"db": "CNVD",
"id": "CNVD-2016-02208"
},
{
"db": "CNVD",
"id": "CNVD-2016-00272"
},
{
"db": "CNVD",
"id": "CNVD-2016-00228"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-276"
},
{
"db": "BID",
"id": "80260"
},
{
"db": "IVD",
"id": "e06590a6-1e3b-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "215a3f74-1e4d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "bc0981ba-1e4d-11e6-abef-000c29c66e3d"
},
{
"db": "VULMON",
"id": "CVE-2016-3987"
}
],
"trust": 4.68
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=39218",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-3987"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-3987",
"trust": 3.8
},
{
"db": "EXPLOIT-DB",
"id": "39218",
"trust": 2.9
},
{
"db": "PACKETSTORM",
"id": "135222",
"trust": 2.3
},
{
"db": "SECTRACK",
"id": "1034662",
"trust": 1.7
},
{
"db": "BID",
"id": "80260",
"trust": 1.6
},
{
"db": "EXPLOITDB",
"id": "39218",
"trust": 1.2
},
{
"db": "CNNVD",
"id": "CNNVD-201604-205",
"trust": 1.0
},
{
"db": "CNVD",
"id": "CNVD-2016-02208",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2016-00272",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2016-00228",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002096",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201601-276",
"trust": 0.6
},
{
"db": "IVD",
"id": "E06590A6-1E3B-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "215A3F74-1E4D-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "BC0981BA-1E4D-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2016-3987",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e06590a6-1e3b-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "215a3f74-1e4d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "bc0981ba-1e4d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02208"
},
{
"db": "CNVD",
"id": "CNVD-2016-00272"
},
{
"db": "CNVD",
"id": "CNVD-2016-00228"
},
{
"db": "VULMON",
"id": "CVE-2016-3987"
},
{
"db": "BID",
"id": "80260"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002096"
},
{
"db": "NVD",
"id": "CVE-2016-3987"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-276"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-205"
}
]
},
"id": "VAR-201604-0114",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e06590a6-1e3b-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "215a3f74-1e4d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "bc0981ba-1e4d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02208"
},
{
"db": "CNVD",
"id": "CNVD-2016-00272"
},
{
"db": "CNVD",
"id": "CNVD-2016-00228"
}
],
"trust": 0.24
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 2.4
}
],
"sources": [
{
"db": "IVD",
"id": "e06590a6-1e3b-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "215a3f74-1e4d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "bc0981ba-1e4d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02208"
},
{
"db": "CNVD",
"id": "CNVD-2016-00272"
},
{
"db": "CNVD",
"id": "CNVD-2016-00228"
}
]
},
"last_update_date": "2023-12-18T12:30:03.799000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Issue 693",
"trust": 0.8,
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=693\u0026redir=1"
},
{
"title": "Information on Reported Vulnerabilities in Trend Micro Password Manager",
"trust": 0.8,
"url": "http://blog.trendmicro.com/information-on-reported-vulnerabilities-in-trend-micro-password-manager/"
},
{
"title": "Trend Micro Password Manager HTTP server arbitrary command execution vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/74080"
},
{
"title": "Trend Micro Password Manager has multiple vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/70202"
},
{
"title": "TrendMicro node.js http server arbitrary command execution vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/70044"
},
{
"title": "Trend Micro Password Manager HTTP Repair measures for server arbitrary command execution vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=60893"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02208"
},
{
"db": "CNVD",
"id": "CNVD-2016-00272"
},
{
"db": "CNVD",
"id": "CNVD-2016-00228"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002096"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-205"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-284",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002096"
},
{
"db": "NVD",
"id": "CVE-2016-3987"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://www.exploit-db.com/exploits/39218/"
},
{
"trust": 2.3,
"url": "http://blog.trendmicro.com/information-on-reported-vulnerabilities-in-trend-micro-password-manager/"
},
{
"trust": 2.3,
"url": "https://code.google.com/p/google-security-research/issues/detail?id=693"
},
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/135222/trendmicro-node.js-http-server-command-execution.html"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1034662"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/80260"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3987"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3987"
},
{
"trust": 0.3,
"url": "http://www.trend.com"
},
{
"trust": 0.3,
"url": "http://www.trendmicro.com/us/home/products/software/password-manager/index.html"
},
{
"trust": 0.3,
"url": "https://code.google.com/p/google-security-research/issues/detail?id=693\u0026can=1\u0026sort=-id"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/284.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02208"
},
{
"db": "CNVD",
"id": "CNVD-2016-00272"
},
{
"db": "CNVD",
"id": "CNVD-2016-00228"
},
{
"db": "VULMON",
"id": "CVE-2016-3987"
},
{
"db": "BID",
"id": "80260"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002096"
},
{
"db": "NVD",
"id": "CVE-2016-3987"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-276"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-205"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e06590a6-1e3b-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "215a3f74-1e4d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "bc0981ba-1e4d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02208"
},
{
"db": "CNVD",
"id": "CNVD-2016-00272"
},
{
"db": "CNVD",
"id": "CNVD-2016-00228"
},
{
"db": "VULMON",
"id": "CVE-2016-3987"
},
{
"db": "BID",
"id": "80260"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002096"
},
{
"db": "NVD",
"id": "CVE-2016-3987"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-276"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-205"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-15T00:00:00",
"db": "IVD",
"id": "e06590a6-1e3b-11e6-abef-000c29c66e3d"
},
{
"date": "2016-01-19T00:00:00",
"db": "IVD",
"id": "215a3f74-1e4d-11e6-abef-000c29c66e3d"
},
{
"date": "2016-01-15T00:00:00",
"db": "IVD",
"id": "bc0981ba-1e4d-11e6-abef-000c29c66e3d"
},
{
"date": "2016-04-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-02208"
},
{
"date": "2016-01-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00272"
},
{
"date": "2016-01-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00228"
},
{
"date": "2016-04-12T00:00:00",
"db": "VULMON",
"id": "CVE-2016-3987"
},
{
"date": "2016-01-11T00:00:00",
"db": "BID",
"id": "80260"
},
{
"date": "2016-04-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002096"
},
{
"date": "2016-04-12T02:00:10.430000",
"db": "NVD",
"id": "CVE-2016-3987"
},
{
"date": "2016-01-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201601-276"
},
{
"date": "2016-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-205"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-02208"
},
{
"date": "2016-01-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00272"
},
{
"date": "2016-01-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00228"
},
{
"date": "2016-04-18T00:00:00",
"db": "VULMON",
"id": "CVE-2016-3987"
},
{
"date": "2016-07-06T14:23:00",
"db": "BID",
"id": "80260"
},
{
"date": "2016-04-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002096"
},
{
"date": "2021-09-09T17:40:45.163000",
"db": "NVD",
"id": "CVE-2016-3987"
},
{
"date": "2016-01-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201601-276"
},
{
"date": "2021-09-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-205"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201601-276"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-205"
}
],
"trust": 1.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Trend Micro Password Manager HTTP Server arbitrary command execution vulnerability",
"sources": [
{
"db": "IVD",
"id": "e06590a6-1e3b-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02208"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-205"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201601-276"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…