Published:2019/03/01 Last Updated:2019/03/01
JVNVU#97891221
Multiple vulnerabilities in Trend Micro Mobile Security
Overview
Trend Micro Mobile Security provided by Trend Micro Incorporated contains multiple vulnerabilities.
Products Affected
- Trend Micro Mobile Security Mobile Security (ENT) Versions before 9.7 Patch 3
Description
Trend Micro Mobile Security provided by Trend Micro Incorporated contains multiple vulnerabilities listed below.
- SQL injection vulnerability.
- Authentication bypass vulnerability.
- Remote code execution vulnerability.
- Unrestricted upload of file vulnerability.
Impact
- A remote attacker may execute arbitrary SQL commands - CVE-2017-14078
- A remote attacker may upload file unlimitedly - CVE-2017-14079
- A remote attacker may access to specific information - CVE-2017-14080
- A remote attacker may execute arbitrary code - CVE-2017-14081
Solution
Apply a patch
Apply the patch according to the information provided by the developer.
The developer has released the following patch to address the vulnerability:
- Trend Micro Mobile Security 9.7 Critical Patch (Build 1441)
Vendor Status
| Vendor | Link |
| Trend Micro Incorporated | SECURITY BULLETIN: Trend Micro Mobile Security (Enterprise) Multiple Vulnerabilities |
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
Trend Micro Incorporated and JPCERT/CC coordinated.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2017-14078 |
|
CVE-2017-14079 |
|
|
CVE-2017-14080 |
|
|
CVE-2017-14081 |
|
| JVN iPedia |
|