RULE(RULE ID:316843)

Rule General Information
Release Date: 2019-02-19
Rule Name: Trend Micro Control Manager Producttree Information Disclosure Vulnerability (CVE-2016-6220)
Severity:
CVE ID:
Rule Protection Details
Description: An XML external entity (XXE) processing vulnerability was found in in Trend Micro Control Manager. The vulnerability is caused by no validation of user-supplied input prior to execute an XML query in ProductTree.aspx.
Impact: An attacker can abtain sensitive information of the target victim, and do malicious actions to gain profits using the information.
Affected OS: Windows, Other Unix, FreeBSD, Linux
Reference: SecurityFocusBID:92363
https://success.trendmicro.com/solution/1114749
ZeroDayInitiative:ZDI-16-459
Solutions
More advisories have been published on the website, please visit for more suggestions:
https://success.trendmicro.com/solution/1114749