CVE-2018-3600

Published: Feb 9, 2018Modified: Nov 21, 2024

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

A external entity processing information disclosure (XXE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to disclose sensitive information on vulnerable installations.

Affected (1)

Products: Trendmicro: Control Manager

Trendmicro

1 product

Control Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Trendmicro Control Manager	Version 6.0

Related CWEs

CWE-611

Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (4)

https://success.trendmicro.com/solution/1119158

Source: security@trendmicro.com

PatchVendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-18-111/

Source: security@trendmicro.com

Third Party AdvisoryVDB Entry

https://success.trendmicro.com/solution/1119158

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-18-111/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.