Vulnerabilites related to Trend Micro - Smart Protection Server (Standalone)
CVE-2017-11395 (GCVE-0-2017-11395)
Vulnerability from cvelistv5
Published
2017-09-22 16:00
Modified
2024-09-16 23:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- OS Command Injection
Summary
Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3.1 and 3.2 server administration UI allows attackers with authenticated access to execute arbitrary code on vulnerable installations.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Smart Protection Server (Standalone) |
Version: 3.1 Version: 3.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:05:30.686Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.coresecurity.com/advisories/trend-micro-smart-protection-os-command-injection"
},
{
"name": "100461",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100461"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/1117933"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Smart Protection Server (Standalone)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "3.1"
},
{
"status": "affected",
"version": "3.2"
}
]
}
],
"datePublic": "2017-08-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3.1 and 3.2 server administration UI allows attackers with authenticated access to execute arbitrary code on vulnerable installations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-23T09:57:01",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.coresecurity.com/advisories/trend-micro-smart-protection-os-command-injection"
},
{
"name": "100461",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100461"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://success.trendmicro.com/solution/1117933"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"DATE_PUBLIC": "2017-08-23T00:00:00",
"ID": "CVE-2017-11395",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Smart Protection Server (Standalone)",
"version": {
"version_data": [
{
"version_value": "3.1"
},
{
"version_value": "3.2"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3.1 and 3.2 server administration UI allows attackers with authenticated access to execute arbitrary code on vulnerable installations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.coresecurity.com/advisories/trend-micro-smart-protection-os-command-injection",
"refsource": "MISC",
"url": "http://www.coresecurity.com/advisories/trend-micro-smart-protection-os-command-injection"
},
{
"name": "100461",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100461"
},
{
"name": "https://success.trendmicro.com/solution/1117933",
"refsource": "CONFIRM",
"url": "https://success.trendmicro.com/solution/1117933"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2017-11395",
"datePublished": "2017-09-22T16:00:00Z",
"dateReserved": "2017-07-17T00:00:00",
"dateUpdated": "2024-09-16T23:36:43.518Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}