Trendmicro Control Manager — known CVE vulnerabilities
Every CVE whose affected-product data names Trendmicro Control Manager, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (22)
CVE-2018-10511 — CVSS 10.0 (critical): A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to conduct a server-side request forgery…
CVE-2018-10510 — CVSS 9.8 (critical): A Directory Traversal Remote Code Execution vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to…
CVE-2017-11385 — CVSS 9.8 (critical): SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x6b1b due to lack of proper user input…
CVE-2017-11383 — CVSS 9.8 (critical): SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x1b07 due to lack of proper user input…
CVE-2018-3601 — CVSS 9.8 (critical): A password hash usage authentication bypass vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to bypass…
CVE-2017-11386 — CVSS 9.8 (critical): SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x4707 due to lack of proper user input…
CVE-2017-11384 — CVSS 9.8 (critical): SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x3b21 due to lack of proper user input…
CVE-2017-11389 — CVSS 9.8 (critical): Directory traversal vulnerability in Trend Micro Control Manager 6.0 allows remote code execution by attackers able to drop arbitrary files…
CVE-2018-3602 — CVSS 8.8 (high): An AdHocQuery_Processor SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote…
CVE-2018-3604 — CVSS 8.8 (high): GetXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to…
CVE-2018-3605 — CVSS 8.8 (high): TopXXX, ViolationXXX, and IncidentXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0…
CVE-2017-11388 — CVSS 8.8 (high): SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when RestfulServiceUtility.NET.dll doesn't properly validate…
CVE-2018-3607 — CVSS 8.8 (high): XXXTreeNode method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote…
CVE-2018-3603 — CVSS 8.8 (high): A CGGIServlet SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to…
CVE-2016-6220 — CVSS 7.5 (high): Information Disclosure vulnerability in the Dashboard and Error Pages in Trend Micro Control Manager SP3 6.0.
CVE-2017-11387 — CVSS 7.5 (high): Authentication Bypass in Trend Micro Control Manager 6.0 causes Information Disclosure when authentication validation is not done for…
CVE-2017-11390 — CVSS 7.5 (high): XML external entity (XXE) processing vulnerability in Trend Micro Control Manager 6.0, if exploited, could lead to information disclosure…
CVE-2018-10512 — CVSS 7.5 (high): A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to manipulate a reverse proxy .dll on…
CVE-2019-14688 — CVSS 7.0 (high): Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had…
CVE-2018-3600 — CVSS 6.5 (medium): A external entity processing information disclosure (XXE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to…
CVE-2021-25252 — CVSS 5.5 (medium): Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may…