Published: 2019/03/01  Last Updated: 2019/03/01

JVNVU#97891221
Multiple vulnerabilities in Trend Micro Mobile Security

Overview

Trend Micro Mobile Security provided by Trend Micro Incorporated contains multiple vulnerabilities.

Products Affected

  • Trend Micro Mobile Security (ENT) versions before 9.7 Patch 3

Description

Trend Micro Mobile Security provided by Trend Micro Incorporated contains multiple vulnerabilities listed below.

  • SQL injection vulnerability.
  • Authentication bypass vulnerability.
  • Remote code execution vulnerability.
  • Unrestricted upload of file vulnerability.

Impact

  • A remote attacker may execute arbitrary SQL commands - CVE-2017-14078
  • A remote attacker may upload files without restriction - CVE-2017-14079
  • A remote attacker may access specific information - CVE-2017-14080
  • A remote attacker may execute arbitrary code - CVE-2017-14081

Solution

Apply a patch
Apply the patch according to the information provided by the developer.
The developer has released the following patch to address the vulnerabilities:

  • Trend Micro Mobile Security 9.7 Critical Patch (Build 1441)

References

  1. ZDI Published Advisories 2017
    ZDI-17-737 and ZDI-17-739 through ZDI-17-810

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
Trend Micro Incorporated and JPCERT/CC coordinated.

Other Information

CVE: CVE-2017-14078, CVE-2017-14079, CVE-2017-14080, CVE-2017-14081