Vulnerability in Trend Micro Control Manager
CVE-2018-3604
GetXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.
EPSS: 0.691 (99.3th percentile) — read the EPSS interpretation.
Affected products
- Trend Micro Control Manager — versions 6.0
References
- www.zerodayinitiative.com/advisories/ZDI-18-088/ (x_refsource_MISC)
- www.zerodayinitiative.com/advisories/ZDI-18-084/ (x_refsource_MISC)
- www.zerodayinitiative.com/advisories/ZDI-18-067/ (x_refsource_MISC)
- www.zerodayinitiative.com/advisories/ZDI-18-097/ (x_refsource_MISC)
- www.zerodayinitiative.com/advisories/ZDI-18-102/ (x_refsource_MISC)
- www.zerodayinitiative.com/advisories/ZDI-18-095/ (x_refsource_MISC)
- success.trendmicro.com/solution/1119158 (x_refsource_CONFIRM)
- www.zerodayinitiative.com/advisories/ZDI-18-096/ (x_refsource_MISC)