Trendmicro Control Manager vulnerabilities

CVE-2017-11387 [HIGH] CWE-200 CVE-2017-11387: Authentication Bypass in Trend Micro Control Manager 6.0 causes Information Disclosure when authenti Authentication Bypass in Trend Micro Control Manager 6.0 causes Information Disclosure when authentication validation is not done for functionality that can change debug logging level. Formerly ZDI-CAN-4512.

CVE-2017-11388 [HIGH] CWE-89 CVE-2017-11388: SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when RestfulServiceUti SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when RestfulServiceUtility.NET.dll doesn't properly validate user provided strings before constructing SQL queries. Formerly ZDI-CAN-4639 and ZDI-CAN-4638.