CVE-2017-11387

Published: Aug 2, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Authentication Bypass in Trend Micro Control Manager 6.0 causes Information Disclosure when authentication validation is not done for functionality that can change debug logging level. Formerly ZDI-CAN-4512.

Affected (1)

Products: Trendmicro: Control Manager

Trendmicro

1 product

Control Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Trendmicro Control Manager	Version 6.0

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (8)

http://www.securityfocus.com/bid/100078

Source: security@trendmicro.com

http://www.securitytracker.com/id/1039049

Source: security@trendmicro.com

http://www.zerodayinitiative.com/advisories/ZDI-17-497

Source: security@trendmicro.com

Third Party AdvisoryVDB Entry

https://success.trendmicro.com/solution/1117722

Source: security@trendmicro.com

PatchVendor Advisory

http://www.securityfocus.com/bid/100078

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1039049

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.zerodayinitiative.com/advisories/ZDI-17-497

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://success.trendmicro.com/solution/1117722

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.