exploitDog

CVE-2018-3607

Опубликовано: 09 фев. 2018

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

XXXTreeNode method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.

Ссылки

https://success.trendmicro.com/solution/1119158
Patch
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-18-090/
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-18-094/
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-18-109/
Third Party Advisory
VDB Entry
https://success.trendmicro.com/solution/1119158
Patch
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-18-090/
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-18-094/
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-18-109/
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:trendmicro:control_manager:6.0:*:*:*:*:*:*:*

EPSS

Процентиль: 93%

0.09919

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-vqjx-wrfg-jpf2

CVSS3: 8.8

github

больше 3 лет назад

XXXTreeNode method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.

EPSS

Процентиль: 93%

0.09919

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89