Published: 2017/11/01 Last Updated: 2017/11/01
JVNVU#94207433
Multiple vulnerabilities in Trend Micro Control Manager
Overview
Trend Micro Control Manager provided by Trend Micro Incorporated contains multiple vulnerabilities.
Products Affected
- Trend Micro Control Manager 6.0
Description
Trend Micro Control Manager provided by Trend Micro Incorporated contains multiple vulnerabilities.
Impact
- A remote attacker may conduct SQL injection attacks and upload and execute arbitrary code
- A remote attacker may bypass authentication for the debug setting function and obtain sensitive information
- A remote attacker may execute arbitrary code, escalate privileges, and conduct a directory traversal attack on the server
Solution
Apply the Patch
Apply the patch according to the information provided by the developer.
The developer has released the following patch to address these vulnerabilities.
- Trend Micro Control Manager 6.0 SP3 Patch 3
Vendor Status
Vendor | Link
Trend Micro Incorporated | SECURITY BULLETIN: Trend Micro Control Manager 6.0 Multiple Vulnerabilities
References
JPCERT/CC Addendum
This advisory covers the vulnerabilities published in the TippingPoint Zero Day Initiative advisories listed below.
- ZDI-17-493 (CVE-2017-11383)
- ZDI-17-494 (CVE-2017-11384)
- ZDI-17-495 (CVE-2017-11385)
- ZDI-17-496 (CVE-2017-11386)
- ZDI-17-497 (CVE-2017-11387)
- ZDI-17-498 (CVE-2017-11388)
- ZDI-17-499 (CVE-2017-11388)
- ZDI-17-500 (CVE-2017-11389)
- ZDI-17-501 (CVE-2017-11390)
- ZDI-17-502 (CVE-2017-11391)
Vulnerability Analysis by JPCERT/CC
Credit
Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solution through JVN.
Trend Micro Incorporated and JPCERT/CC coordinated.
Other Information
CVE
- CVE-2017-11383
- CVE-2017-11384
- CVE-2017-11385
- CVE-2017-11386
- CVE-2017-11387
- CVE-2017-11388
- CVE-2017-11389
- CVE-2017-11390