exploitDog

CVE-2017-11384

Опубликовано: 02 авг. 2017

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x3b21 due to lack of proper user input validation in mdHandlerLicenseManager.dll. Formerly ZDI-CAN-4561.

Ссылки

http://www.securityfocus.com/bid/100078
http://www.securitytracker.com/id/1039049
http://www.zerodayinitiative.com/advisories/ZDI-17-494
Third Party Advisory
VDB Entry
https://success.trendmicro.com/solution/1117722
Patch
Vendor Advisory
http://www.securityfocus.com/bid/100078
http://www.securitytracker.com/id/1039049
http://www.zerodayinitiative.com/advisories/ZDI-17-494
Third Party Advisory
VDB Entry
https://success.trendmicro.com/solution/1117722
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:trendmicro:control_manager:6.0:*:*:*:*:*:*:*

EPSS

Процентиль: 91%

0.0724

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-xc3f-2gf2-6fw9

CVSS3: 9.8

github

больше 3 лет назад

SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x3b21 due to lack of proper user input validation in mdHandlerLicenseManager.dll. Formerly ZDI-CAN-4561.

EPSS

Процентиль: 91%

0.0724

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89