CVE-2017-11390: XEE
First published: Wed Aug 02 2017(Updated: )
XML external entity (XXE) processing vulnerability in Trend Micro Control Manager 6.0, if exploited, could lead to information disclosure. Formerly ZDI-CAN-4706.
Credit: security@trendmicro.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Trend Micro Control Manager | =6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-11390?
CVE-2017-11390 is rated as medium severity due to its potential for information disclosure.
How do I fix CVE-2017-11390?
To mitigate CVE-2017-11390, update Trend Micro Control Manager to a version that addresses the XML external entity processing vulnerability.
What is an XML external entity (XXE) vulnerability as referenced in CVE-2017-11390?
An XML external entity vulnerability allows attackers to interfere with the processing of XML data and can lead to unauthorized access to sensitive data.
Which version of Trend Micro Control Manager is affected by CVE-2017-11390?
CVE-2017-11390 specifically affects Trend Micro Control Manager version 6.0.
Can CVE-2017-11390 lead to data breaches?
Yes, if exploited, CVE-2017-11390 could lead to information disclosure, potentially resulting in data breaches.
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/remedy
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/trendmicro
- canonical/trend micro control manager
- version/trend micro control manager/6.0