CVE-2017-11383

CWE-89 — SQL Injection3 documents3 sources

Severity

9.8CRITICAL

EPSS

6.8%

top 8.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trendmicro Control Manager

Timeline

PublishedAug 2

Latest updateMay 17

Description

SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x1b07 due to lack of proper user input validation in cmdHandlerTVCSCommander.dll. Formerly ZDI-CAN-4560.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDtrendmicro/control_manager6.0

Patches

Patch: success.trendmicro.com ↗Patch: success.trendmicro.com ↗

🔴Vulnerability Details

GHSA

GHSA-vmp4-xvgp-pv6m: SQL Injection in Trend Micro Control Manager 6↗2022-05-17

▶

CVEList

CVE-2017-11383: SQL Injection in Trend Micro Control Manager 6↗2017-08-02

▶