ID

VAR-190001-1102


TITLE

Trend Micro Control Manager 'module' Parameter directory traversal vulnerability

Trust: 1.7

sources: IVD: a7c8cd12-1f8f-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-2681 // BID: 48662 // CNNVD: CNNVD-201107-183

DESCRIPTION

Trend Micro Control Manager (TMCM) is a centralized security management console from Trend Micro that enables unified coordination of Trend Micro products and services. Input passed to the WebApp/widget/proxy_request.php script via the "module" parameter is not validated before being used to read files, so an attacker can use directory traversal sequences to read any file from local resources. Trend Micro Control Manager is prone to a directory-traversal vulnerability because the application fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain arbitrary local files in the context of the webserver process.

TITLE: Trend Micro Control Manager "module" File Disclosure Vulnerability
SECUNIA ADVISORY ID: SA44970
VERIFY ADVISORY: http://secunia.com/advisories/44970/
RELEASE DATE: 2011-07-13
DESCRIPTION: Sow Ching Shiong has discovered a vulnerability in Trend Micro Control Manager, which can be exploited by malicious users to disclose sensitive information. The vulnerability is confirmed in version 5.5 (Build 1250). Other versions may also be affected.
SOLUTION: Apply hotfix 1470. Please contact the vendor for details.
PROVIDED AND/OR DISCOVERED BY: Sow Ching Shiong via Secunia.

Trust: 1.08

sources: CNVD: CNVD-2011-2681 // BID: 48662 // IVD: a7c8cd12-1f8f-11e6-abef-000c29c66e3d // PACKETSTORM: 103026

IOT TAXONOMY

category: ['ICS']
sub_category: -

Trust: 0.8

sources: IVD: a7c8cd12-1f8f-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-2681

AFFECTED PRODUCTS

vendor: trend micro
model: control manager build
scope: eq
version: 5.51250

Trust: 1.1

sources: IVD: a7c8cd12-1f8f-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-2681 // BID: 48662

CVSS

SEVERITY

CVSSV2

CVSSV3

IVD: a7c8cd12-1f8f-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

IVD: a7c8cd12-1f8f-11e6-abef-000c29c66e3d
severity: NONE
baseScore: NONE
vectorString: NONE
accessVector: NONE
accessComplexity: NONE
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: UNKNOWN

Trust: 0.2

sources: IVD: a7c8cd12-1f8f-11e6-abef-000c29c66e3d

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201107-183

TYPE

Path traversal

Trust: 0.8

sources: IVD: a7c8cd12-1f8f-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201107-183

PATCH

title: Trend Micro Control Manager 'module' parameter directory traversal vulnerability patch
url: https://www.cnvd.org.cn/patchinfo/show/4411

Trust: 0.6

sources: CNVD: CNVD-2011-2681

EXTERNAL IDS

db: BID, id: 48662

Trust: 1.5

db: CNVD, id: CNVD-2011-2681

Trust: 0.8

db: SECUNIA, id: 44970

Trust: 0.7

db: CNNVD, id: CNNVD-201107-183

Trust: 0.6

db: IVD, id: A7C8CD12-1F8F-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: PACKETSTORM, id: 103026

Trust: 0.1

sources: IVD: a7c8cd12-1f8f-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-2681 // BID: 48662 // PACKETSTORM: 103026 // CNNVD: CNNVD-201107-183

REFERENCES

url:http://secunia.com/advisories/44970/

Trust: 0.7

url:http://www.securityfocus.com/bid/48662

Trust: 0.6

url:http://www.trendmicro.com/en/products/management/tmcm/evaluate/overview.htm

Trust: 0.3

url:http://secunia.com/advisories/44970/#comments

Trust: 0.1

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=44970

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/products/corporate/vim/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: CNVD: CNVD-2011-2681 // BID: 48662 // PACKETSTORM: 103026 // CNNVD: CNNVD-201107-183

CREDITS

Sow Ching Shiong

Trust: 0.9

sources: BID: 48662 // CNNVD: CNNVD-201107-183

SOURCES

db: IVD, id: a7c8cd12-1f8f-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2011-2681
db: BID, id: 48662
db: PACKETSTORM, id: 103026
db: CNNVD, id: CNNVD-201107-183

LAST UPDATE DATE

2022-05-17T22:52:21.864000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2011-2681, date: 2011-07-14T00:00:00
db: BID, id: 48662, date: 2011-07-13T00:00:00
db: CNNVD, id: CNNVD-201107-183, date: 2011-07-15T00:00:00

SOURCES RELEASE DATE

db: IVD, id: a7c8cd12-1f8f-11e6-abef-000c29c66e3d, date: 2011-07-14T00:00:00
db: CNVD, id: CNVD-2011-2681, date: 2011-07-14T00:00:00
db: BID, id: 48662, date: 2011-07-13T00:00:00
db: PACKETSTORM, id: 103026, date: 2011-07-13T03:49:30
db: CNNVD, id: CNNVD-201107-183, date: 1900-01-01T00:00:00