threat
engine
.sh
Back
·
··:··
Home
/
Product
/
trendmicro control manager
Product
trendmicro control manager
29 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2021-25252
all versions
Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability
5.5
MEDIUM
CVE-2019-14688
all versions
Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package
7.0
HIGH
CVE-2019-7003
>= 7.0 and < 8.0.4.0
A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execu
10.0
CRITICAL
CVE-2018-10512
all versions
A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to manipulate a reverse proxy .dll o
7.5
HIGH
CVE-2018-10511
all versions
A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to conduct a server-side request for
10.0
CRITICAL
CVE-2018-10510
all versions
A Directory Traversal Remote Code Execution vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an att
9.8
CRITICAL
CVE-2018-3607
all versions
XXXTreeNode method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remo
8.8
HIGH
CVE-2018-3606
all versions
XXXStatusXXX, XXXSummary, TemplateXXX and XXXCompliance method SQL injection remote code execution (RCE) vulnerabilities in Trend
8.8
HIGH
CVE-2018-3605
all versions
TopXXX, ViolationXXX, and IncidentXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Mana
8.8
HIGH
CVE-2018-3604
all versions
GetXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote at
8.8
HIGH
CVE-2018-3603
all versions
A CGGIServlet SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote atta
8.8
HIGH
CVE-2018-3602
all versions
An AdHocQuery_Processor SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a r
8.8
HIGH
CVE-2018-3601
all versions
A password hash usage authentication bypass vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to bypa
9.8
CRITICAL
CVE-2018-3600
all versions
A external entity processing information disclosure (XXE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote at
6.5
MEDIUM
CVE-2016-6220
all versions
Information Disclosure vulnerability in the Dashboard and Error Pages in Trend Micro Control Manager SP3 6.0.
7.5
HIGH
CVE-2017-11390
all versions
XML external entity (XXE) processing vulnerability in Trend Micro Control Manager 6.0, if exploited, could lead to information dis
7.5
HIGH
CVE-2017-11389
all versions
Directory traversal vulnerability in Trend Micro Control Manager 6.0 allows remote code execution by attackers able to drop arbitr
9.8
CRITICAL
CVE-2017-11388
all versions
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when RestfulServiceUtility.NET.dll doesn't properly
8.8
HIGH
CVE-2017-11387
all versions
Authentication Bypass in Trend Micro Control Manager 6.0 causes Information Disclosure when authentication validation is not done
7.5
HIGH
CVE-2017-11386
all versions
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x4707 due to lack of proper u
9.8
CRITICAL
CVE-2017-11385
all versions
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x6b1b due to lack of proper u
9.8
CRITICAL
CVE-2017-11384
all versions
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x3b21 due to lack of proper u
9.8
CRITICAL
CVE-2017-11383
all versions
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x1b07 due to lack of proper u
9.8
CRITICAL
CVE-2012-2998
<= 5.5
SQL injection vulnerability in the ad hoc query module in Trend Micro Control Manager (TMCM) before 5.5.0.1823 and 6.0 before 6.0.
CVE-2011-5001
<= 5.5
Stack-based buffer overflow in the CGenericScheduler::AddTask function in cmdHandlerRedAlertController.dll in CmdProcessor.exe in
CVE-2007-0851
all versions
Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before virus pattern file 4.245.00, as used in other products such
CVE-2006-3261
all versions
Cross-site scripting (XSS) vulnerability in Trend Micro Control Manager (TMCM) 3.5 allows remote attackers to inject arbitrary web
CVE-2005-0533
all versions
Heap-based buffer overflow in Trend Micro AntiVirus Library VSAPI before 7.510, as used in multiple Trend Micro products, allows r
CVE-2005-0383
all versions
Trend Micro Control Manager 3.0 Enterprise Edition allows remote attackers to gain privileges via a replay attack of the encrypted
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin