CVE-2018-6231

Description

A server auth command injection authentication bypass vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.3 and below could allow remote attackers to escalate privileges on vulnerable installations.

Affected products

• Trend Micro / Trend Micro Smart Protection Server (Standalone)3.0, 3.1, 3.2, 3.3 – 3.0, 3.1, 3.2, 3.3

References

• VENDOR_ADVISORYhttps://www.zerodayinitiative.com/advisories/ZDI-18-218/
• MISChttps://success.trendmicro.com/solution/1119385