virus logo Intrusion Prevention

Trend.Micro.Control.Manager.RightWindow.Information.Disclosure

description-logoDescription

This indicates an attack attempt against an Information Disclosure vulnerability in Trend Micro Control Manager.
The vulnerability is due to insufficient validation in the user supplied request, when parsing an XML external entity (XXE). A remote attacker may be able to read arbitrary files in the targeted system, via a crafted HTTP request.

affected-products-logoAffected Products

Trend Micro Control Manager 6.0

Impact logoImpact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

recomended-action-logoRecommended Actions

Apply the latest update from the vendor.
https://success.trendmicro.com/solution/1116624

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

References

ZDI-17-077
ID 43862
Created Apr 17, 2017
Updated May 02, 2022
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
CVE ID
Default Action drop
Active
Affected OS Windows
Affected App Other