CVE-2018-3604

{"id": "CVE-2018-3604", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": true, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2018-02-09T22:29:00.897", "references": [{"url": "https://success.trendmicro.com/solution/1119158", "tags": ["Patch", "Vendor Advisory"], "source": "security@trendmicro.com"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-067/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security@trendmicro.com"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-084/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security@trendmicro.com"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-088/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security@trendmicro.com"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-095/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security@trendmicro.com"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-096/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security@trendmicro.com"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-097/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security@trendmicro.com"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-102/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security@trendmicro.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "GetXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations."}, {"lang": "es", "value": "Una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE) por inyecci\u00f3n SQL en el m\u00e9todo GetXXX en Trend Micro Control Manager 6.0 podr\u00eda permitir que un atacante remoto ejecute c\u00f3digo arbitrario en instalaciones vulnerables."}], "lastModified": "2018-02-27T19:29:34.670", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:trendmicro:control_manager:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F7E3779-69E4-46AB-94E3-4A81E35A5194"}], "operator": "OR"}]}], "sourceIdentifier": "security@trendmicro.com"}