nvd-json-data-feeds/CVE-2017/CVE-2017-113xx/CVE-2017-11387.json

{
  "id": "CVE-2017-11387",
  "sourceIdentifier": "security@trendmicro.com",
  "published": "2017-08-02T21:29:00.337",
  "lastModified": "2017-08-06T01:29:00.733",
  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
      "value": "Authentication Bypass in Trend Micro Control Manager 6.0 causes Information Disclosure when authentication validation is not done for functionality that can change debug logging level. Formerly ZDI-CAN-4512."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en Trend Micro Control Manager 6.0 podr\u00eda permitir que se divulgue informaci\u00f3n cuando la validaci\u00f3n de la autenticaci\u00f3n no se realiza para la funcionalidad que puede cambiar el nivel de registro de depuraci\u00f3n. Anteriormente esta vulnerabilidad ten\u00eda el c\u00f3digo ZDI-CAN-4512."
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:trendmicro:control_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F7E3779-69E4-46AB-94E3-4A81E35A5194"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://www.securityfocus.com/bid/100078",
      "source": "security@trendmicro.com"
    },
    {
      "url": "http://www.securitytracker.com/id/1039049",
      "source": "security@trendmicro.com"
    },
    {
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-497",
      "source": "security@trendmicro.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ]
    },
    {
      "url": "https://success.trendmicro.com/solution/1117722",
      "source": "security@trendmicro.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ]
    }
  ]
}
bootstrap 2023-04-24 12:24:31 +02:00			`{`
			`"id": "CVE-2017-11387",`
			`"sourceIdentifier": "security@trendmicro.com",`
			`"published": "2017-08-02T21:29:00.337",`
			`"lastModified": "2017-08-06T01:29:00.733",`
			`"vulnStatus": "Modified",`
			`"descriptions": [`
			`{`
			`"lang": "en",`
			`"value": "Authentication Bypass in Trend Micro Control Manager 6.0 causes Information Disclosure when authentication validation is not done for functionality that can change debug logging level. Formerly ZDI-CAN-4512."`
			`},`
			`{`
			`"lang": "es",`
			`"value": "Una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en Trend Micro Control Manager 6.0 podr\u00eda permitir que se divulgue informaci\u00f3n cuando la validaci\u00f3n de la autenticaci\u00f3n no se realiza para la funcionalidad que puede cambiar el nivel de registro de depuraci\u00f3n. Anteriormente esta vulnerabilidad ten\u00eda el c\u00f3digo ZDI-CAN-4512."`
			`}`
			`],`
			`"metrics": {`
			`"cvssMetricV30": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"cvssData": {`
			`"version": "3.0",`
			`"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",`
			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "NONE",`
			`"userInteraction": "NONE",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "NONE",`
			`"availabilityImpact": "NONE",`
			`"baseScore": 7.5,`
			`"baseSeverity": "HIGH"`
			`},`
			`"exploitabilityScore": 3.9,`
			`"impactScore": 3.6`
			`}`
			`],`
			`"cvssMetricV2": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"cvssData": {`
			`"version": "2.0",`
			`"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",`
			`"accessVector": "NETWORK",`
			`"accessComplexity": "LOW",`
			`"authentication": "NONE",`
			`"confidentialityImpact": "PARTIAL",`
			`"integrityImpact": "NONE",`
			`"availabilityImpact": "NONE",`
			`"baseScore": 5.0`
			`},`
			`"baseSeverity": "MEDIUM",`
			`"exploitabilityScore": 10.0,`
			`"impactScore": 2.9,`
			`"acInsufInfo": false,`
			`"obtainAllPrivilege": false,`
			`"obtainUserPrivilege": false,`
			`"obtainOtherPrivilege": false,`
			`"userInteractionRequired": false`
			`}`
			`]`
			`},`
			`"weaknesses": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-200"`
			`}`
			`]`
			`}`
			`],`
			`"configurations": [`
			`{`
			`"nodes": [`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:trendmicro:control_manager:6.0:::::::*",`
			`"matchCriteriaId": "2F7E3779-69E4-46AB-94E3-4A81E35A5194"`
			`}`
			`]`
			`}`
			`]`
			`}`
			`],`
			`"references": [`
			`{`
			`"url": "http://www.securityfocus.com/bid/100078",`
			`"source": "security@trendmicro.com"`
			`},`
			`{`
			`"url": "http://www.securitytracker.com/id/1039049",`
			`"source": "security@trendmicro.com"`
			`},`
			`{`
			`"url": "http://www.zerodayinitiative.com/advisories/ZDI-17-497",`
			`"source": "security@trendmicro.com",`
			`"tags": [`
			`"Third Party Advisory",`
			`"VDB Entry"`
			`]`
			`},`
			`{`
			`"url": "https://success.trendmicro.com/solution/1117722",`
			`"source": "security@trendmicro.com",`
			`"tags": [`
			`"Patch",`
			`"Vendor Advisory"`
			`]`
			`}`
			`]`
			`}`