Vulnerabilities for Smart protection server (...) - CXSECURITY.COM

Vulnerabilities for 'Smart protection server'

2018-05-25

CVE-2018-6237

CWE-400

A vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow an unauthenticated remote attacker to manipulate the product to send a large number of specially crafted HTTP requests to potentially cause the file system to fill up, eventually causing a denial of service (DoS) situation.

CVE-2018-10350

CWE-89

A SQL injection remote code execution vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw within the handling of parameters provided to wcs\_bwlists\_handler.php. Authentication is required in order to exploit this vulnerability.

2018-03-15

CVE-2018-6231

CWE-78

A server auth command injection authentication bypass vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.3 and below could allow remote attackers to escalate privileges on vulnerable installations.

2018-01-19

CVE-2017-14097

CWE-noinfo

An improper access control vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to decrypt contents of a database with information that could be used to access a vulnerable system.

CVE-2017-14096

CWE-79

A stored cross site scripting (XSS) vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to execute a malicious payload on vulnerable systems.

CVE-2017-14095

CWE-829

A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a local file inclusion on a vulnerable system.

CVE-2017-14094

CWE-74

A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a cron job injection on a vulnerable system.

CVE-2017-11398

CWE-534

A session hijacking via log disclosure vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an unauthenticated attacker to hijack active user sessions to perform authenticated requests on a vulnerable system.

2017-09-22

CVE-2017-11395

CWE-78

Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3.1 and 3.2 server administration UI allows attackers with authenticated access to execute arbitrary code on vulnerable installations.

>>> Vendor: Trendmicro 52 Products

Control manager

Interscan messaging security suite

Interscan web security suite

Trend micro antivirus

Internet security

Interscan web security virtual appliance

Mobile security

Trend micro internet security

Internet security 2010

Web security virtual appliance

Interscan messaging security virtual appliance

Deep discovery inspector

Password manager

Email encryption gateway

Business security

Smart protection server

Maximum security

Premium security

Threat discovery appliance

Deep discovery director

Deep discovery email inspector

Trend micro control manager

Encryption for email

Worry-free business security

Endpoint application control

Antivirus + security

Officescan monthly

Antivirus + security 2019

Internet security 2019

Maximum security 2019

Micro security 2019

Premium security 2019

Deep security manager

Vulnerability protection

Housecall for home networks

Deep security as a service

Antivirus for mac

Home network security

Officescan business security

Worry-free business security services

Serverprotect for network appliance filer

Copyright 2024, cxsecurity.com