Vulnerability Description
Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3.1 and 3.2 server administration UI allows attackers with authenticated access to execute arbitrary code on vulnerable installations.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Trendmicro | Smart Protection Server | 3.1 |
Related Weaknesses (CWE)
References
- http://www.coresecurity.com/advisories/trend-micro-smart-protection-os-command-iExploitThird Party Advisory
- http://www.securityfocus.com/bid/100461Third Party AdvisoryVDB Entry
- https://success.trendmicro.com/solution/1117933MitigationPatchVendor Advisory
- http://www.coresecurity.com/advisories/trend-micro-smart-protection-os-command-iExploitThird Party Advisory
- http://www.securityfocus.com/bid/100461Third Party AdvisoryVDB Entry
- https://success.trendmicro.com/solution/1117933MitigationPatchVendor Advisory
FAQ
What is CVE-2017-11395?
CVE-2017-11395 is a vulnerability with a CVSS score of 8.8 (HIGH). Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3.1 and 3.2 server administration UI allows attackers with authenticated access to execute arbitrary code on vulnera...
How severe is CVE-2017-11395?
CVE-2017-11395 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-11395?
Check the references section above for vendor advisories and patch information. Affected products include: Trendmicro Smart Protection Server.