SQL Injection and Remote Code Execution Flaw in Trend Micro Control Manager
CVE-2018-3606

8.8HIGH

Key Information:

Vendor
Trend Micro
Status
Trend Micro Control Manager
Vendor
CVE Published:
9 February 2018

Summary

Multiple vulnerabilities related to SQL injection and remote code execution exist in Trend Micro Control Manager 6.0, which may allow an attacker to execute arbitrary commands on affected installations. These flaws can be exploited remotely, posing a significant risk to organizations relying on Trend Micro’s security management solution. Immediate attention and patching are advised to mitigate potential threats from malicious actors.

Affected Version(s)

Trend Micro Control Manager 6.0

References

https://www.zerodayinitiative.com/advisories/ZDI-18-092/
x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-18-085/
x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-18-110/
x_refsource_MISC

EPSS Score

22% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.