Vulnerabilites related to trendmicro - smart_protection_server
CVE-2017-14097 (GCVE-0-2017-14097)
Vulnerability from cvelistv5
Published
2018-01-19 19:00
Modified
2024-08-05 19:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Incorrect Access Control
Summary
An improper access control vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to decrypt contents of a database with information that could be used to access a vulnerable system.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Smart Protection Server (Standalone) |
Version: 3.0, 3.1, 3.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:20:39.884Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43388",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/43388/"
},
{
"name": "102275",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102275"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Smart Protection Server (Standalone)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "3.0, 3.1, 3.2"
}
]
}
],
"datePublic": "2017-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to decrypt contents of a database with information that could be used to access a vulnerable system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-20T10:57:01",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"name": "43388",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/43388/"
},
{
"name": "102275",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102275"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2017-14097",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Smart Protection Server (Standalone)",
"version": {
"version_data": [
{
"version_value": "3.0, 3.1, 3.2"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper access control vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to decrypt contents of a database with information that could be used to access a vulnerable system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43388",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43388/"
},
{
"name": "102275",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102275"
},
{
"name": "https://success.trendmicro.com/solution/1118992",
"refsource": "CONFIRM",
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"name": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities",
"refsource": "MISC",
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2017-14097",
"datePublished": "2018-01-19T19:00:00",
"dateReserved": "2017-08-31T00:00:00",
"dateUpdated": "2024-08-05T19:20:39.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6231 (GCVE-0-2018-6231)
Vulnerability from cvelistv5
Published
2018-03-15 19:00
Modified
2024-08-05 06:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- OTHER - Authentication Bypass
Summary
A server auth command injection authentication bypass vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.3 and below could allow remote attackers to escalate privileges on vulnerable installations.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Smart Protection Server (Standalone) |
Version: 3.0, 3.1, 3.2, 3.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:47.743Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-218/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/1119385"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Smart Protection Server (Standalone)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "3.0, 3.1, 3.2, 3.3"
}
]
}
],
"datePublic": "2018-03-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A server auth command injection authentication bypass vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.3 and below could allow remote attackers to escalate privileges on vulnerable installations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OTHER - Authentication Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-15T18:57:01",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-218/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://success.trendmicro.com/solution/1119385"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2018-6231",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Smart Protection Server (Standalone)",
"version": {
"version_data": [
{
"version_value": "3.0, 3.1, 3.2, 3.3"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A server auth command injection authentication bypass vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.3 and below could allow remote attackers to escalate privileges on vulnerable installations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OTHER - Authentication Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-18-218/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-218/"
},
{
"name": "https://success.trendmicro.com/solution/1119385",
"refsource": "CONFIRM",
"url": "https://success.trendmicro.com/solution/1119385"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2018-6231",
"datePublished": "2018-03-15T19:00:00",
"dateReserved": "2018-01-25T00:00:00",
"dateUpdated": "2024-08-05T06:01:47.743Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10350 (GCVE-0-2018-10350)
Vulnerability from cvelistv5
Published
2018-05-25 15:00
Modified
2024-08-05 07:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- SQL Injection RCE
Summary
A SQL injection remote code execution vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw within the handling of parameters provided to wcs\_bwlists\_handler.php. Authentication is required in order to exploit this vulnerability.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Smart Protection Server (Standalone) |
Version: 3.0, 3.1, 3.2, 3.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:39:08.170Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-421/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/1119715"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Smart Protection Server (Standalone)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "3.0, 3.1, 3.2, 3.3"
}
]
}
],
"datePublic": "2018-05-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A SQL injection remote code execution vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw within the handling of parameters provided to wcs\\_bwlists\\_handler.php. Authentication is required in order to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection RCE",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-25T16:57:01",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-421/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://success.trendmicro.com/solution/1119715"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2018-10350",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Smart Protection Server (Standalone)",
"version": {
"version_data": [
{
"version_value": "3.0, 3.1, 3.2, 3.3"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A SQL injection remote code execution vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw within the handling of parameters provided to wcs\\_bwlists\\_handler.php. Authentication is required in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection RCE"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-18-421/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-421/"
},
{
"name": "https://success.trendmicro.com/solution/1119715",
"refsource": "CONFIRM",
"url": "https://success.trendmicro.com/solution/1119715"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2018-10350",
"datePublished": "2018-05-25T15:00:00",
"dateReserved": "2018-04-24T00:00:00",
"dateUpdated": "2024-08-05T07:39:08.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6269 (GCVE-0-2016-6269)
Vulnerability from cvelistv5
Published
2017-01-30 22:00
Modified
2024-08-06 01:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple directory traversal vulnerabilities in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allow remote attackers to read and delete arbitrary files via the tmpfname parameter to (1) log_mgt_adhocquery_ajaxhandler.php, (2) log_mgt_ajaxhandler.php, (3) log_mgt_ajaxhandler.php or (4) tf parameter to wcs_bwlists_handler.php.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:22:20.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/1114913"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allow remote attackers to read and delete arbitrary files via the tmpfname parameter to (1) log_mgt_adhocquery_ajaxhandler.php, (2) log_mgt_ajaxhandler.php, (3) log_mgt_ajaxhandler.php or (4) tf parameter to wcs_bwlists_handler.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-30T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://success.trendmicro.com/solution/1114913"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6269",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allow remote attackers to read and delete arbitrary files via the tmpfname parameter to (1) log_mgt_adhocquery_ajaxhandler.php, (2) log_mgt_ajaxhandler.php, (3) log_mgt_ajaxhandler.php or (4) tf parameter to wcs_bwlists_handler.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/",
"refsource": "MISC",
"url": "https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/"
},
{
"name": "https://success.trendmicro.com/solution/1114913",
"refsource": "CONFIRM",
"url": "https://success.trendmicro.com/solution/1114913"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-6269",
"datePublished": "2017-01-30T22:00:00",
"dateReserved": "2016-07-21T00:00:00",
"dateUpdated": "2024-08-06T01:22:20.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6266 (GCVE-0-2016-6266)
Vulnerability from cvelistv5
Published
2017-01-30 22:00
Modified
2024-08-06 01:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ccca_ajaxhandler.php in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) host or (2) apikey parameter in a register action, (3) enable parameter in a save_stting action, or (4) host or (5) apikey parameter in a test_connection action.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:22:20.673Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/1114913"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ccca_ajaxhandler.php in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) host or (2) apikey parameter in a register action, (3) enable parameter in a save_stting action, or (4) host or (5) apikey parameter in a test_connection action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-30T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://success.trendmicro.com/solution/1114913"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6266",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ccca_ajaxhandler.php in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) host or (2) apikey parameter in a register action, (3) enable parameter in a save_stting action, or (4) host or (5) apikey parameter in a test_connection action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/",
"refsource": "MISC",
"url": "https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/"
},
{
"name": "https://success.trendmicro.com/solution/1114913",
"refsource": "CONFIRM",
"url": "https://success.trendmicro.com/solution/1114913"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-6266",
"datePublished": "2017-01-30T22:00:00",
"dateReserved": "2016-07-21T00:00:00",
"dateUpdated": "2024-08-06T01:22:20.673Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6268 (GCVE-0-2016-6268)
Vulnerability from cvelistv5
Published
2017-01-30 22:00
Modified
2024-08-06 01:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows local webserv users to execute arbitrary code with root privileges via a Trojan horse .war file in the Solr webapps directory.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:22:20.774Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/1114913"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows local webserv users to execute arbitrary code with root privileges via a Trojan horse .war file in the Solr webapps directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-30T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://success.trendmicro.com/solution/1114913"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6268",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows local webserv users to execute arbitrary code with root privileges via a Trojan horse .war file in the Solr webapps directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/",
"refsource": "MISC",
"url": "https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/"
},
{
"name": "https://success.trendmicro.com/solution/1114913",
"refsource": "CONFIRM",
"url": "https://success.trendmicro.com/solution/1114913"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-6268",
"datePublished": "2017-01-30T22:00:00",
"dateReserved": "2016-07-21T00:00:00",
"dateUpdated": "2024-08-06T01:22:20.774Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-11395 (GCVE-0-2017-11395)
Vulnerability from cvelistv5
Published
2017-09-22 16:00
Modified
2024-09-16 23:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- OS Command Injection
Summary
Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3.1 and 3.2 server administration UI allows attackers with authenticated access to execute arbitrary code on vulnerable installations.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Smart Protection Server (Standalone) |
Version: 3.1 Version: 3.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:05:30.686Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.coresecurity.com/advisories/trend-micro-smart-protection-os-command-injection"
},
{
"name": "100461",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100461"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/1117933"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Smart Protection Server (Standalone)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "3.1"
},
{
"status": "affected",
"version": "3.2"
}
]
}
],
"datePublic": "2017-08-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3.1 and 3.2 server administration UI allows attackers with authenticated access to execute arbitrary code on vulnerable installations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-23T09:57:01",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.coresecurity.com/advisories/trend-micro-smart-protection-os-command-injection"
},
{
"name": "100461",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100461"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://success.trendmicro.com/solution/1117933"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"DATE_PUBLIC": "2017-08-23T00:00:00",
"ID": "CVE-2017-11395",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Smart Protection Server (Standalone)",
"version": {
"version_data": [
{
"version_value": "3.1"
},
{
"version_value": "3.2"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3.1 and 3.2 server administration UI allows attackers with authenticated access to execute arbitrary code on vulnerable installations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.coresecurity.com/advisories/trend-micro-smart-protection-os-command-injection",
"refsource": "MISC",
"url": "http://www.coresecurity.com/advisories/trend-micro-smart-protection-os-command-injection"
},
{
"name": "100461",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100461"
},
{
"name": "https://success.trendmicro.com/solution/1117933",
"refsource": "CONFIRM",
"url": "https://success.trendmicro.com/solution/1117933"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2017-11395",
"datePublished": "2017-09-22T16:00:00Z",
"dateReserved": "2017-07-17T00:00:00",
"dateUpdated": "2024-09-16T23:36:43.518Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14094 (GCVE-0-2017-14094)
Vulnerability from cvelistv5
Published
2018-01-19 19:00
Modified
2024-08-05 19:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - OTHER - Improper Neutralization of Special Elements used in an OS Command ()
Summary
A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a cron job injection on a vulnerable system.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Smart Protection Server (Standalone) |
Version: 3.0, 3.1, 3.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:13:41.885Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43388",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/43388/"
},
{
"name": "102275",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102275"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Smart Protection Server (Standalone)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "3.0, 3.1, 3.2"
}
]
}
],
"datePublic": "2018-01-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a cron job injection on a vulnerable system."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OTHER - Improper Neutralization of Special Elements used in an OS Command (CWE-78)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-20T10:57:01",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"name": "43388",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/43388/"
},
{
"name": "102275",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102275"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2017-14094",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Smart Protection Server (Standalone)",
"version": {
"version_data": [
{
"version_value": "3.0, 3.1, 3.2"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a cron job injection on a vulnerable system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OTHER - Improper Neutralization of Special Elements used in an OS Command (CWE-78)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43388",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43388/"
},
{
"name": "102275",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102275"
},
{
"name": "https://success.trendmicro.com/solution/1118992",
"refsource": "CONFIRM",
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"name": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities",
"refsource": "MISC",
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2017-14094",
"datePublished": "2018-01-19T19:00:00",
"dateReserved": "2017-08-31T00:00:00",
"dateUpdated": "2024-08-05T19:13:41.885Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14095 (GCVE-0-2017-14095)
Vulnerability from cvelistv5
Published
2018-01-19 19:00
Modified
2024-08-05 19:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-98 - OTHER - Improper Control of Filename for Include/Require Statement in PHP Program ()
Summary
A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a local file inclusion on a vulnerable system.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Smart Protection Server (Standalone) |
Version: 3.0, 3.1, 3.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:20:39.837Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43388",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/43388/"
},
{
"name": "102275",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102275"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Smart Protection Server (Standalone)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "3.0, 3.1, 3.2"
}
]
}
],
"datePublic": "2017-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a local file inclusion on a vulnerable system."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-98",
"description": "OTHER - Improper Control of Filename for Include/Require Statement in PHP Program (CWE-98)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-20T10:57:01",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"name": "43388",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/43388/"
},
{
"name": "102275",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102275"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2017-14095",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Smart Protection Server (Standalone)",
"version": {
"version_data": [
{
"version_value": "3.0, 3.1, 3.2"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a local file inclusion on a vulnerable system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OTHER - Improper Control of Filename for Include/Require Statement in PHP Program (CWE-98)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43388",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43388/"
},
{
"name": "102275",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102275"
},
{
"name": "https://success.trendmicro.com/solution/1118992",
"refsource": "CONFIRM",
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"name": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities",
"refsource": "MISC",
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2017-14095",
"datePublished": "2018-01-19T19:00:00",
"dateReserved": "2017-08-31T00:00:00",
"dateUpdated": "2024-08-05T19:20:39.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14096 (GCVE-0-2017-14096)
Vulnerability from cvelistv5
Published
2018-01-19 19:00
Modified
2024-08-05 19:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross Site Scripting (XSS)
Summary
A stored cross site scripting (XSS) vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to execute a malicious payload on vulnerable systems.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Smart Protection Server (Standalone) |
Version: 3.0, 3.1, 3.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:20:39.889Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43388",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/43388/"
},
{
"name": "102275",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102275"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Smart Protection Server (Standalone)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "3.0, 3.1, 3.2"
}
]
}
],
"datePublic": "2017-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A stored cross site scripting (XSS) vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to execute a malicious payload on vulnerable systems."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross Site Scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-20T10:57:01",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"name": "43388",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/43388/"
},
{
"name": "102275",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102275"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2017-14096",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Smart Protection Server (Standalone)",
"version": {
"version_data": [
{
"version_value": "3.0, 3.1, 3.2"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stored cross site scripting (XSS) vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to execute a malicious payload on vulnerable systems."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43388",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43388/"
},
{
"name": "102275",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102275"
},
{
"name": "https://success.trendmicro.com/solution/1118992",
"refsource": "CONFIRM",
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"name": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities",
"refsource": "MISC",
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2017-14096",
"datePublished": "2018-01-19T19:00:00",
"dateReserved": "2017-08-31T00:00:00",
"dateUpdated": "2024-08-05T19:20:39.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6267 (GCVE-0-2016-6267)
Vulnerability from cvelistv5
Published
2017-01-30 22:00
Modified
2024-08-06 01:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SnmpUtils in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) spare_Community, (2) spare_AllowGroupIP, or (3) spare_AllowGroupNetmask parameter to admin_notification.php.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:22:20.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/1114913"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SnmpUtils in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) spare_Community, (2) spare_AllowGroupIP, or (3) spare_AllowGroupNetmask parameter to admin_notification.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-30T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://success.trendmicro.com/solution/1114913"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6267",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SnmpUtils in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) spare_Community, (2) spare_AllowGroupIP, or (3) spare_AllowGroupNetmask parameter to admin_notification.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/",
"refsource": "MISC",
"url": "https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/"
},
{
"name": "https://success.trendmicro.com/solution/1114913",
"refsource": "CONFIRM",
"url": "https://success.trendmicro.com/solution/1114913"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-6267",
"datePublished": "2017-01-30T22:00:00",
"dateReserved": "2016-07-21T00:00:00",
"dateUpdated": "2024-08-06T01:22:20.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6237 (GCVE-0-2018-6237)
Vulnerability from cvelistv5
Published
2018-05-25 15:00
Modified
2024-08-05 06:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- OTHER - DOS
Summary
A vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow an unauthenticated remote attacker to manipulate the product to send a large number of specially crafted HTTP requests to potentially cause the file system to fill up, eventually causing a denial of service (DoS) situation.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Smart Protection Server (Standalone) |
Version: 3.0, 3.1, 3.2, 3.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:47.700Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2018-10"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/1119715"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Smart Protection Server (Standalone)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "3.0, 3.1, 3.2, 3.3"
}
]
}
],
"datePublic": "2018-05-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow an unauthenticated remote attacker to manipulate the product to send a large number of specially crafted HTTP requests to potentially cause the file system to fill up, eventually causing a denial of service (DoS) situation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OTHER - DOS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-26T09:57:01",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2018-10"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://success.trendmicro.com/solution/1119715"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2018-6237",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Smart Protection Server (Standalone)",
"version": {
"version_data": [
{
"version_value": "3.0, 3.1, 3.2, 3.3"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow an unauthenticated remote attacker to manipulate the product to send a large number of specially crafted HTTP requests to potentially cause the file system to fill up, eventually causing a denial of service (DoS) situation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OTHER - DOS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2018-10",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2018-10"
},
{
"name": "https://success.trendmicro.com/solution/1119715",
"refsource": "CONFIRM",
"url": "https://success.trendmicro.com/solution/1119715"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2018-6237",
"datePublished": "2018-05-25T15:00:00",
"dateReserved": "2018-01-25T00:00:00",
"dateUpdated": "2024-08-05T06:01:47.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-11398 (GCVE-0-2017-11398)
Vulnerability from cvelistv5
Published
2018-01-19 19:00
Modified
2024-08-05 18:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-285 - OTHER - Information Exposure Through Log Files ()
Summary
A session hijacking via log disclosure vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an unauthenticated attacker to hijack active user sessions to perform authenticated requests on a vulnerable system.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Smart Protection Server (Standalone) |
Version: 3.0, 3.1, 3.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:05:30.602Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43388",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/43388/"
},
{
"name": "102275",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102275"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Smart Protection Server (Standalone)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "3.0, 3.1, 3.2"
}
]
}
],
"datePublic": "2017-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A session hijacking via log disclosure vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an unauthenticated attacker to hijack active user sessions to perform authenticated requests on a vulnerable system."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "OTHER - Information Exposure Through Log Files (CWE-285)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-20T10:57:01",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"name": "43388",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/43388/"
},
{
"name": "102275",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102275"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2017-11398",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Smart Protection Server (Standalone)",
"version": {
"version_data": [
{
"version_value": "3.0, 3.1, 3.2"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A session hijacking via log disclosure vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an unauthenticated attacker to hijack active user sessions to perform authenticated requests on a vulnerable system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OTHER - Information Exposure Through Log Files (CWE-285)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43388",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43388/"
},
{
"name": "102275",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102275"
},
{
"name": "https://success.trendmicro.com/solution/1118992",
"refsource": "CONFIRM",
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"name": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities",
"refsource": "MISC",
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2017-11398",
"datePublished": "2018-01-19T19:00:00",
"dateReserved": "2017-07-17T00:00:00",
"dateUpdated": "2024-08-05T18:05:30.602Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2017-01-30 22:59
Modified
2025-04-20 01:37
Severity ?
Summary
Multiple directory traversal vulnerabilities in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allow remote attackers to read and delete arbitrary files via the tmpfname parameter to (1) log_mgt_adhocquery_ajaxhandler.php, (2) log_mgt_ajaxhandler.php, (3) log_mgt_ajaxhandler.php or (4) tf parameter to wcs_bwlists_handler.php.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/ | Exploit, Technical Description, Third Party Advisory | |
| cve@mitre.org | https://success.trendmicro.com/solution/1114913 | Mitigation, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/ | Exploit, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://success.trendmicro.com/solution/1114913 | Mitigation, Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | smart_protection_server | 2.5 | |
| trendmicro | smart_protection_server | 2.6 | |
| trendmicro | smart_protection_server | 3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:smart_protection_server:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6EDFD747-231F-4689-BCBD-F91377B5EB1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:smart_protection_server:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CF329471-F913-4F88-B5F8-CB0C088AA321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:smart_protection_server:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E74019C0-01AD-4C0F-9ADE-099D6D7C8013",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allow remote attackers to read and delete arbitrary files via the tmpfname parameter to (1) log_mgt_adhocquery_ajaxhandler.php, (2) log_mgt_ajaxhandler.php, (3) log_mgt_ajaxhandler.php or (4) tf parameter to wcs_bwlists_handler.php."
},
{
"lang": "es",
"value": "Varias vulnerabilidades de salto de directorio en Trend Micro Smart Protection Server 2.5 en versiones anteriores a build 2200, 2.6 en versiones anteriores a build 2106 y 3.0 en versiones anteriores a build 1330 permiten a atacantes remotos leer y borrar archivos arbitrarios a trav\u00e9s del par\u00e1metro tmpfname para (1) log_mgt_adhocquery_ajaxhandler.php, (2) log_mgt_ajaxhandler .php, (3) log_mgt_ajaxhandler.php o (4) del par\u00e1metro tf para wcs_bwlists_handler.php."
}
],
"id": "CVE-2016-6269",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-30T22:59:00.640",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/1114913"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/1114913"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-22 16:29
Modified
2025-04-20 01:37
Severity ?
Summary
Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3.1 and 3.2 server administration UI allows attackers with authenticated access to execute arbitrary code on vulnerable installations.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@trendmicro.com | http://www.coresecurity.com/advisories/trend-micro-smart-protection-os-command-injection | Exploit, Third Party Advisory | |
| security@trendmicro.com | http://www.securityfocus.com/bid/100461 | Third Party Advisory, VDB Entry | |
| security@trendmicro.com | https://success.trendmicro.com/solution/1117933 | Mitigation, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.coresecurity.com/advisories/trend-micro-smart-protection-os-command-injection | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100461 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://success.trendmicro.com/solution/1117933 | Mitigation, Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | smart_protection_server | 3.1 | |
| trendmicro | smart_protection_server | 3.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:smart_protection_server:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB62FC55-4EA1-485E-9381-C14BA2F1E074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:smart_protection_server:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4157366A-854E-4993-B08B-FAF7EA4D9ED2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3.1 and 3.2 server administration UI allows attackers with authenticated access to execute arbitrary code on vulnerable installations."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n de comandos en la interfaz de usuario de administraci\u00f3n del servidor Trend Micro Smart Protection Server (Standalone) en sus versiones 3.1 y 3.2 permite que los atacantes con acceso autenticado ejecuten c\u00f3digo arbitrario en instalaciones vulnerables."
}
],
"id": "CVE-2017-11395",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-22T16:29:00.197",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://www.coresecurity.com/advisories/trend-micro-smart-protection-os-command-injection"
},
{
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100461"
},
{
"source": "security@trendmicro.com",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/1117933"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://www.coresecurity.com/advisories/trend-micro-smart-protection-os-command-injection"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100461"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/1117933"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-30 22:59
Modified
2025-04-20 01:37
Severity ?
Summary
Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows local webserv users to execute arbitrary code with root privileges via a Trojan horse .war file in the Solr webapps directory.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/ | Exploit, Technical Description, Third Party Advisory | |
| cve@mitre.org | https://success.trendmicro.com/solution/1114913 | Mitigation, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/ | Exploit, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://success.trendmicro.com/solution/1114913 | Mitigation, Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | smart_protection_server | 2.5 | |
| trendmicro | smart_protection_server | 2.6 | |
| trendmicro | smart_protection_server | 3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:smart_protection_server:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6EDFD747-231F-4689-BCBD-F91377B5EB1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:smart_protection_server:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CF329471-F913-4F88-B5F8-CB0C088AA321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:smart_protection_server:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E74019C0-01AD-4C0F-9ADE-099D6D7C8013",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows local webserv users to execute arbitrary code with root privileges via a Trojan horse .war file in the Solr webapps directory."
},
{
"lang": "es",
"value": "Trend Micro Smart Protection Server 2.5 en versiones anteriores a build 2200, 2,6 en versiones anteriores a build 2106 y 3,0 en versiones anteriores a build 1330 permite a los usuarios locales de webserv ejecutar c\u00f3digo arbitrario con privilegios de root a trav\u00e9s de un archivo troyano .war en el directorio Solr webapps."
}
],
"id": "CVE-2016-6268",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-30T22:59:00.607",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/1114913"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/1114913"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-05-25 15:29
Modified
2024-11-21 04:10
Severity ?
Summary
A vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow an unauthenticated remote attacker to manipulate the product to send a large number of specially crafted HTTP requests to potentially cause the file system to fill up, eventually causing a denial of service (DoS) situation.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@trendmicro.com | https://success.trendmicro.com/solution/1119715 | Vendor Advisory | |
| security@trendmicro.com | https://www.tenable.com/security/research/tra-2018-10 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://success.trendmicro.com/solution/1119715 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2018-10 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | smart_protection_server | 3.0 | |
| trendmicro | smart_protection_server | 3.1 | |
| trendmicro | smart_protection_server | 3.2 | |
| trendmicro | smart_protection_server | 3.3 | |
| linux | linux_kernel | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:smart_protection_server:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E74019C0-01AD-4C0F-9ADE-099D6D7C8013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:smart_protection_server:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB62FC55-4EA1-485E-9381-C14BA2F1E074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:smart_protection_server:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4157366A-854E-4993-B08B-FAF7EA4D9ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:smart_protection_server:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CD4082E4-88CC-4B48-AA49-B5EC28950D36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow an unauthenticated remote attacker to manipulate the product to send a large number of specially crafted HTTP requests to potentially cause the file system to fill up, eventually causing a denial of service (DoS) situation."
},
{
"lang": "es",
"value": "Una vulnerabilidad en Trend Micro Smart Protection Server (Standalone) 3.x podr\u00eda permitir que un atacante remoto no autenticado manipule el producto para enviar un gran n\u00famero de peticiones HTTP especialmente manipuladas para provocar que el sistema de archivos se llene, provocando finalmente una denegaci\u00f3n de servicio (DoS)."
}
],
"id": "CVE-2018-6237",
"lastModified": "2024-11-21T04:10:21.553",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-25T15:29:00.587",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/1119715"
},
{
"source": "security@trendmicro.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2018-10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/1119715"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2018-10"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-05-25 15:29
Modified
2024-11-21 03:41
Severity ?
Summary
A SQL injection remote code execution vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw within the handling of parameters provided to wcs\_bwlists\_handler.php. Authentication is required in order to exploit this vulnerability.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@trendmicro.com | https://success.trendmicro.com/solution/1119715 | Vendor Advisory | |
| security@trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-18-421/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://success.trendmicro.com/solution/1119715 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-18-421/ | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | smart_protection_server | 3.0 | |
| trendmicro | smart_protection_server | 3.1 | |
| trendmicro | smart_protection_server | 3.2 | |
| trendmicro | smart_protection_server | 3.3 | |
| linux | linux_kernel | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:smart_protection_server:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E74019C0-01AD-4C0F-9ADE-099D6D7C8013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:smart_protection_server:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB62FC55-4EA1-485E-9381-C14BA2F1E074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:smart_protection_server:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4157366A-854E-4993-B08B-FAF7EA4D9ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:smart_protection_server:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CD4082E4-88CC-4B48-AA49-B5EC28950D36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A SQL injection remote code execution vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw within the handling of parameters provided to wcs\\_bwlists\\_handler.php. Authentication is required in order to exploit this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por inyecci\u00f3n SQL en Trend Micro Smart Protection Server (Standalone) 3.x podr\u00eda permitir que un atacante remoto ejecute c\u00f3digo arbitrario en instalaciones vulnerables debido a un error en la gesti\u00f3n de par\u00e1metros proporcionados a wcs\\_bwlists\\_handler.php. Se requiere autenticaci\u00f3n para explotar esta vulnerabilidad."
}
],
"id": "CVE-2018-10350",
"lastModified": "2024-11-21T03:41:14.493",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-25T15:29:00.257",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/1119715"
},
{
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-421/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/1119715"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-421/"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-01-19 19:29
Modified
2024-11-21 03:12
Severity ?
Summary
An improper access control vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to decrypt contents of a database with information that could be used to access a vulnerable system.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@trendmicro.com | http://www.securityfocus.com/bid/102275 | Third Party Advisory, VDB Entry | |
| security@trendmicro.com | https://success.trendmicro.com/solution/1118992 | Vendor Advisory | |
| security@trendmicro.com | https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities | Exploit, Third Party Advisory | |
| security@trendmicro.com | https://www.exploit-db.com/exploits/43388/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102275 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://success.trendmicro.com/solution/1118992 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/43388/ | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | smart_protection_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:smart_protection_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20F6330B-124B-4702-BC1E-7A27F24CF5E9",
"versionEndIncluding": "3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to decrypt contents of a database with information that could be used to access a vulnerable system."
},
{
"lang": "es",
"value": "Una vulnerabilidad de control de acceso incorrecto en Trend Micro Smart Protection Server (Standalone) en versiones 3.2 y anteriores podr\u00eda permitir que un atacante descifre el contenido de una base de datos con informaci\u00f3n que podr\u00eda emplearse para acceder a un sistema vulnerable."
}
],
"id": "CVE-2017-14097",
"lastModified": "2024-11-21T03:12:08.160",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-19T19:29:00.657",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102275"
},
{
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"source": "security@trendmicro.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
},
{
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/43388/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102275"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/43388/"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-01-19 19:29
Modified
2024-11-21 03:12
Severity ?
Summary
A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a local file inclusion on a vulnerable system.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@trendmicro.com | http://www.securityfocus.com/bid/102275 | Third Party Advisory, VDB Entry | |
| security@trendmicro.com | https://success.trendmicro.com/solution/1118992 | Vendor Advisory | |
| security@trendmicro.com | https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities | Exploit, Third Party Advisory | |
| security@trendmicro.com | https://www.exploit-db.com/exploits/43388/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102275 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://success.trendmicro.com/solution/1118992 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/43388/ | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | smart_protection_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:smart_protection_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20F6330B-124B-4702-BC1E-7A27F24CF5E9",
"versionEndIncluding": "3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a local file inclusion on a vulnerable system."
},
{
"lang": "es",
"value": "Una vulnerabilidad en Trend Micro Smart Protection Server (Standalone), en versiones 3.2 y anteriores, podr\u00eda permitir que un atacante realice la ejecuci\u00f3n remota de comandos mediante una inclusi\u00f3n de archivos locales en un sistema vulnerable."
}
],
"id": "CVE-2017-14095",
"lastModified": "2024-11-21T03:12:07.940",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-19T19:29:00.517",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102275"
},
{
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"source": "security@trendmicro.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
},
{
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/43388/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102275"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/43388/"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-98"
}
],
"source": "security@trendmicro.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-829"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-01-19 19:29
Modified
2024-11-21 03:07
Severity ?
Summary
A session hijacking via log disclosure vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an unauthenticated attacker to hijack active user sessions to perform authenticated requests on a vulnerable system.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@trendmicro.com | http://www.securityfocus.com/bid/102275 | Third Party Advisory, VDB Entry | |
| security@trendmicro.com | https://success.trendmicro.com/solution/1118992 | Vendor Advisory | |
| security@trendmicro.com | https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities | Exploit, Third Party Advisory | |
| security@trendmicro.com | https://www.exploit-db.com/exploits/43388/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102275 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://success.trendmicro.com/solution/1118992 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/43388/ | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | smart_protection_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:smart_protection_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20F6330B-124B-4702-BC1E-7A27F24CF5E9",
"versionEndIncluding": "3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A session hijacking via log disclosure vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an unauthenticated attacker to hijack active user sessions to perform authenticated requests on a vulnerable system."
},
{
"lang": "es",
"value": "Una vulnerabilidad de secuestro de sesi\u00f3n mediante divulgaci\u00f3n de logs en Trend Micro Smart Protection Server (Standalone), en versiones 3.2 y anteriores, podr\u00eda permitir que un atacante no autenticado secuestre sesiones activas de usuario para realizar peticiones autenticadas en un sistema vulnerable."
}
],
"id": "CVE-2017-11398",
"lastModified": "2024-11-21T03:07:42.340",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-19T19:29:00.280",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102275"
},
{
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"source": "security@trendmicro.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
},
{
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/43388/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102275"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/43388/"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-285"
}
],
"source": "security@trendmicro.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-534"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-15 19:29
Modified
2024-11-21 04:10
Severity ?
Summary
A server auth command injection authentication bypass vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.3 and below could allow remote attackers to escalate privileges on vulnerable installations.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@trendmicro.com | https://success.trendmicro.com/solution/1119385 | Vendor Advisory | |
| security@trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-18-218/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://success.trendmicro.com/solution/1119385 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-18-218/ | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | smart_protection_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:smart_protection_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C7D59E8-336F-44B4-8290-ED72BAB35963",
"versionEndIncluding": "3.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A server auth command injection authentication bypass vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.3 and below could allow remote attackers to escalate privileges on vulnerable installations."
},
{
"lang": "es",
"value": "Una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n y de inyecci\u00f3n de comandos auth del servidor en Trend Micro Smart Protection Server (Standalone) en versiones 3.3 y anteriores podr\u00eda permitir que los atacantes remotos escalen privilegios en instalaciones vulnerables."
}
],
"id": "CVE-2018-6231",
"lastModified": "2024-11-21T04:10:20.827",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-15T19:29:01.280",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/1119385"
},
{
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-218/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/1119385"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-218/"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-01-19 19:29
Modified
2024-11-21 03:12
Severity ?
Summary
A stored cross site scripting (XSS) vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to execute a malicious payload on vulnerable systems.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@trendmicro.com | http://www.securityfocus.com/bid/102275 | Third Party Advisory, VDB Entry | |
| security@trendmicro.com | https://success.trendmicro.com/solution/1118992 | Vendor Advisory | |
| security@trendmicro.com | https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities | Exploit, Third Party Advisory | |
| security@trendmicro.com | https://www.exploit-db.com/exploits/43388/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102275 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://success.trendmicro.com/solution/1118992 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/43388/ | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | smart_protection_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:smart_protection_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20F6330B-124B-4702-BC1E-7A27F24CF5E9",
"versionEndIncluding": "3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stored cross site scripting (XSS) vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to execute a malicious payload on vulnerable systems."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross-Site Scripting (XSS) persistente en Trend Micro Smart Protection Server (Standalone) en versiones 3.2 y anteriores podr\u00eda permitir que un atacante ejecute una carga \u00fatil maliciosa en sistemas vulnerables."
}
],
"id": "CVE-2017-14096",
"lastModified": "2024-11-21T03:12:08.050",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-19T19:29:00.577",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102275"
},
{
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"source": "security@trendmicro.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
},
{
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/43388/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102275"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/43388/"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-01-19 19:29
Modified
2024-11-21 03:12
Severity ?
Summary
A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a cron job injection on a vulnerable system.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@trendmicro.com | http://www.securityfocus.com/bid/102275 | Third Party Advisory, VDB Entry | |
| security@trendmicro.com | https://success.trendmicro.com/solution/1118992 | Vendor Advisory | |
| security@trendmicro.com | https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities | Exploit, Third Party Advisory | |
| security@trendmicro.com | https://www.exploit-db.com/exploits/43388/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102275 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://success.trendmicro.com/solution/1118992 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/43388/ | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | smart_protection_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:smart_protection_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20F6330B-124B-4702-BC1E-7A27F24CF5E9",
"versionEndIncluding": "3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a cron job injection on a vulnerable system."
},
{
"lang": "es",
"value": "Una vulnerabilidad en Trend Micro Smart Protection Server (Standalone), en versiones 3.2 y anteriores, podr\u00eda permitir que un atacante realice la ejecuci\u00f3n remota de comandos mediante una inyecci\u00f3n cron job en un sistema vulnerable."
}
],
"id": "CVE-2017-14094",
"lastModified": "2024-11-21T03:12:07.820",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-19T19:29:00.467",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102275"
},
{
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"source": "security@trendmicro.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
},
{
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/43388/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102275"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/1118992"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/43388/"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "security@trendmicro.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-30 22:59
Modified
2025-04-20 01:37
Severity ?
Summary
SnmpUtils in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) spare_Community, (2) spare_AllowGroupIP, or (3) spare_AllowGroupNetmask parameter to admin_notification.php.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/ | Exploit, Technical Description, Third Party Advisory | |
| cve@mitre.org | https://success.trendmicro.com/solution/1114913 | Mitigation, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/ | Exploit, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://success.trendmicro.com/solution/1114913 | Mitigation, Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | smart_protection_server | 2.5 | |
| trendmicro | smart_protection_server | 2.6 | |
| trendmicro | smart_protection_server | 3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:smart_protection_server:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6EDFD747-231F-4689-BCBD-F91377B5EB1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:smart_protection_server:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CF329471-F913-4F88-B5F8-CB0C088AA321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:smart_protection_server:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E74019C0-01AD-4C0F-9ADE-099D6D7C8013",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SnmpUtils in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) spare_Community, (2) spare_AllowGroupIP, or (3) spare_AllowGroupNetmask parameter to admin_notification.php."
},
{
"lang": "es",
"value": "SnmpUtils en Trend Micro Smart Protection Server 2.5 en versiones anteriores a build 2200, 2,6 en versiones anteriores a build 2106 y 3,0 en versiones anteriores a build 1330 permite a usuarios remotos autenticados ejecutar comandos arbitrarios a trav\u00e9s de metacaracteres de shell en (1) spare_Community, (2) spare_AllowGroupIP o (3) par\u00e1metro spare_AllowGroupNetmask para admin_notification.php."
}
],
"id": "CVE-2016-6267",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-30T22:59:00.577",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/1114913"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/1114913"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-30 22:59
Modified
2025-04-20 01:37
Severity ?
Summary
ccca_ajaxhandler.php in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) host or (2) apikey parameter in a register action, (3) enable parameter in a save_stting action, or (4) host or (5) apikey parameter in a test_connection action.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/ | Exploit, Technical Description, Third Party Advisory | |
| cve@mitre.org | https://success.trendmicro.com/solution/1114913 | Mitigation, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/ | Exploit, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://success.trendmicro.com/solution/1114913 | Mitigation, Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | smart_protection_server | 2.5 | |
| trendmicro | smart_protection_server | 2.6 | |
| trendmicro | smart_protection_server | 3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:smart_protection_server:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6EDFD747-231F-4689-BCBD-F91377B5EB1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:smart_protection_server:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CF329471-F913-4F88-B5F8-CB0C088AA321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:smart_protection_server:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E74019C0-01AD-4C0F-9ADE-099D6D7C8013",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ccca_ajaxhandler.php in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) host or (2) apikey parameter in a register action, (3) enable parameter in a save_stting action, or (4) host or (5) apikey parameter in a test_connection action."
},
{
"lang": "es",
"value": "Ccca_ajaxhandler.php en Trend Micro Smart Protection Server 2.5 en versiones anteriores a build 2200, 2,6 en versiones anteriores a build 2106 y 3,0 en versiones anteriores a build 1330 permite a usuarios remotos autenticados ejecutar comandos arbitrarios a trav\u00e9s de metacaracteres shell en (1) el host o (2) el par\u00e1metro apikey en una acci\u00f3n de registro, (3) al habilitar un par\u00e1metro en una acci\u00f3n save_stting, o (4) el host o (5) par\u00e1metro apikey en una acci\u00f3n test_connection."
}
],
"id": "CVE-2016-6266",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-30T22:59:00.530",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/1114913"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/1114913"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}