NVD脆弱性詳細

CVE-2017-14078

概要	SQL Injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations.
公表日	2017年9月23日1:29
登録日	2021年1月26日13:15
最終更新日	2024年11月21日12:12

CVSS3.0 : CRITICAL
スコア	9.8
ベクター	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃に必要な特権レベル(PR)	不要
利用者の関与(UI)	不要
影響の想定範囲(S)	変更なし
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高

CVSS2.0 : HIGH
スコア	10.0
ベクター	AV:N/AC:L/Au:N/C:C/I:C/A:C
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高
全ての特権を取得	いいえ
ユーザー権限を取得	いいえ
その他の権限を取得	いいえ
ユーザー操作が必要	いいえ

影響を受けるソフトウェアの構成

構成1		以上	以下	より上	未満
cpe:2.3:a:trendmicro:mobile_security:9.7::::enterprise:::

関連情報、対策とツール

No	URL	タグ
1	http://www.securityfocus.com/bid/100966	Third Party Advisory VDB Entry
2	http://www.securityfocus.com/bid/100966	Third Party Advisory VDB Entry
3	http://www.zerodayinitiative.com/advisories/ZDI-17-739	Third Party Advisory VDB Entry
4	http://www.zerodayinitiative.com/advisories/ZDI-17-739	Third Party Advisory VDB Entry
5	http://www.zerodayinitiative.com/advisories/ZDI-17-740	Third Party Advisory VDB Entry
6	http://www.zerodayinitiative.com/advisories/ZDI-17-740	Third Party Advisory VDB Entry
7	http://www.zerodayinitiative.com/advisories/ZDI-17-741	Third Party Advisory VDB Entry
8	http://www.zerodayinitiative.com/advisories/ZDI-17-741	Third Party Advisory VDB Entry
9	http://www.zerodayinitiative.com/advisories/ZDI-17-742	Third Party Advisory VDB Entry
10	http://www.zerodayinitiative.com/advisories/ZDI-17-742	Third Party Advisory VDB Entry
11	http://www.zerodayinitiative.com/advisories/ZDI-17-743	Third Party Advisory VDB Entry
12	http://www.zerodayinitiative.com/advisories/ZDI-17-743	Third Party Advisory VDB Entry
13	http://www.zerodayinitiative.com/advisories/ZDI-17-744	Third Party Advisory VDB Entry
14	http://www.zerodayinitiative.com/advisories/ZDI-17-744	Third Party Advisory VDB Entry
15	http://www.zerodayinitiative.com/advisories/ZDI-17-745	Third Party Advisory VDB Entry
16	http://www.zerodayinitiative.com/advisories/ZDI-17-745	Third Party Advisory VDB Entry
17	http://www.zerodayinitiative.com/advisories/ZDI-17-746	Third Party Advisory VDB Entry
18	http://www.zerodayinitiative.com/advisories/ZDI-17-746	Third Party Advisory VDB Entry
19	http://www.zerodayinitiative.com/advisories/ZDI-17-747	Third Party Advisory VDB Entry
20	http://www.zerodayinitiative.com/advisories/ZDI-17-747	Third Party Advisory VDB Entry
21	http://www.zerodayinitiative.com/advisories/ZDI-17-748	Third Party Advisory VDB Entry
22	http://www.zerodayinitiative.com/advisories/ZDI-17-748	Third Party Advisory VDB Entry
23	http://www.zerodayinitiative.com/advisories/ZDI-17-749	Third Party Advisory VDB Entry
24	http://www.zerodayinitiative.com/advisories/ZDI-17-749	Third Party Advisory VDB Entry
25	http://www.zerodayinitiative.com/advisories/ZDI-17-750	Third Party Advisory VDB Entry
26	http://www.zerodayinitiative.com/advisories/ZDI-17-750	Third Party Advisory VDB Entry
27	http://www.zerodayinitiative.com/advisories/ZDI-17-751	Third Party Advisory VDB Entry
28	http://www.zerodayinitiative.com/advisories/ZDI-17-751	Third Party Advisory VDB Entry
29	http://www.zerodayinitiative.com/advisories/ZDI-17-753	Third Party Advisory VDB Entry
30	http://www.zerodayinitiative.com/advisories/ZDI-17-753	Third Party Advisory VDB Entry
31	http://www.zerodayinitiative.com/advisories/ZDI-17-754	Third Party Advisory VDB Entry
32	http://www.zerodayinitiative.com/advisories/ZDI-17-754	Third Party Advisory VDB Entry
33	http://www.zerodayinitiative.com/advisories/ZDI-17-755	Third Party Advisory VDB Entry
34	http://www.zerodayinitiative.com/advisories/ZDI-17-755	Third Party Advisory VDB Entry
35	http://www.zerodayinitiative.com/advisories/ZDI-17-756	Third Party Advisory VDB Entry
36	http://www.zerodayinitiative.com/advisories/ZDI-17-756	Third Party Advisory VDB Entry
37	http://www.zerodayinitiative.com/advisories/ZDI-17-757	Third Party Advisory VDB Entry
38	http://www.zerodayinitiative.com/advisories/ZDI-17-757	Third Party Advisory VDB Entry
39	http://www.zerodayinitiative.com/advisories/ZDI-17-758	Third Party Advisory VDB Entry
40	http://www.zerodayinitiative.com/advisories/ZDI-17-758	Third Party Advisory VDB Entry
41	http://www.zerodayinitiative.com/advisories/ZDI-17-759	Third Party Advisory VDB Entry
42	http://www.zerodayinitiative.com/advisories/ZDI-17-759	Third Party Advisory VDB Entry
43	http://www.zerodayinitiative.com/advisories/ZDI-17-760	Third Party Advisory VDB Entry
44	http://www.zerodayinitiative.com/advisories/ZDI-17-760	Third Party Advisory VDB Entry
45	http://www.zerodayinitiative.com/advisories/ZDI-17-761	Third Party Advisory VDB Entry
46	http://www.zerodayinitiative.com/advisories/ZDI-17-761	Third Party Advisory VDB Entry
47	http://www.zerodayinitiative.com/advisories/ZDI-17-762	Third Party Advisory VDB Entry
48	http://www.zerodayinitiative.com/advisories/ZDI-17-762	Third Party Advisory VDB Entry
49	http://www.zerodayinitiative.com/advisories/ZDI-17-763	Third Party Advisory VDB Entry
50	http://www.zerodayinitiative.com/advisories/ZDI-17-763	Third Party Advisory VDB Entry
51	http://www.zerodayinitiative.com/advisories/ZDI-17-764	Third Party Advisory VDB Entry
52	http://www.zerodayinitiative.com/advisories/ZDI-17-764	Third Party Advisory VDB Entry
53	http://www.zerodayinitiative.com/advisories/ZDI-17-765	Third Party Advisory VDB Entry
54	http://www.zerodayinitiative.com/advisories/ZDI-17-765	Third Party Advisory VDB Entry
55	http://www.zerodayinitiative.com/advisories/ZDI-17-766	Third Party Advisory VDB Entry
56	http://www.zerodayinitiative.com/advisories/ZDI-17-766	Third Party Advisory VDB Entry
57	http://www.zerodayinitiative.com/advisories/ZDI-17-768	Third Party Advisory VDB Entry
58	http://www.zerodayinitiative.com/advisories/ZDI-17-768	Third Party Advisory VDB Entry
59	http://www.zerodayinitiative.com/advisories/ZDI-17-769	Third Party Advisory VDB Entry
60	http://www.zerodayinitiative.com/advisories/ZDI-17-769	Third Party Advisory VDB Entry
61	http://www.zerodayinitiative.com/advisories/ZDI-17-770	Third Party Advisory VDB Entry
62	http://www.zerodayinitiative.com/advisories/ZDI-17-770	Third Party Advisory VDB Entry
63	http://www.zerodayinitiative.com/advisories/ZDI-17-771	Third Party Advisory VDB Entry
64	http://www.zerodayinitiative.com/advisories/ZDI-17-771	Third Party Advisory VDB Entry
65	http://www.zerodayinitiative.com/advisories/ZDI-17-772	Third Party Advisory VDB Entry
66	http://www.zerodayinitiative.com/advisories/ZDI-17-772	Third Party Advisory VDB Entry
67	http://www.zerodayinitiative.com/advisories/ZDI-17-773	Third Party Advisory VDB Entry
68	http://www.zerodayinitiative.com/advisories/ZDI-17-773	Third Party Advisory VDB Entry
69	http://www.zerodayinitiative.com/advisories/ZDI-17-775	Third Party Advisory VDB Entry
70	http://www.zerodayinitiative.com/advisories/ZDI-17-775	Third Party Advisory VDB Entry
71	http://www.zerodayinitiative.com/advisories/ZDI-17-776	Third Party Advisory VDB Entry
72	http://www.zerodayinitiative.com/advisories/ZDI-17-776	Third Party Advisory VDB Entry
73	http://www.zerodayinitiative.com/advisories/ZDI-17-777	Third Party Advisory VDB Entry
74	http://www.zerodayinitiative.com/advisories/ZDI-17-777	Third Party Advisory VDB Entry
75	http://www.zerodayinitiative.com/advisories/ZDI-17-778	Third Party Advisory VDB Entry
76	http://www.zerodayinitiative.com/advisories/ZDI-17-778	Third Party Advisory VDB Entry
77	http://www.zerodayinitiative.com/advisories/ZDI-17-779	Third Party Advisory VDB Entry
78	http://www.zerodayinitiative.com/advisories/ZDI-17-779	Third Party Advisory VDB Entry
79	http://www.zerodayinitiative.com/advisories/ZDI-17-780	Third Party Advisory VDB Entry
80	http://www.zerodayinitiative.com/advisories/ZDI-17-780	Third Party Advisory VDB Entry
81	http://www.zerodayinitiative.com/advisories/ZDI-17-781	Third Party Advisory VDB Entry
82	http://www.zerodayinitiative.com/advisories/ZDI-17-781	Third Party Advisory VDB Entry
83	http://www.zerodayinitiative.com/advisories/ZDI-17-782	Third Party Advisory VDB Entry
84	http://www.zerodayinitiative.com/advisories/ZDI-17-782	Third Party Advisory VDB Entry
85	http://www.zerodayinitiative.com/advisories/ZDI-17-783	Third Party Advisory VDB Entry
86	http://www.zerodayinitiative.com/advisories/ZDI-17-783	Third Party Advisory VDB Entry
87	http://www.zerodayinitiative.com/advisories/ZDI-17-784	Third Party Advisory VDB Entry
88	http://www.zerodayinitiative.com/advisories/ZDI-17-784	Third Party Advisory VDB Entry
89	http://www.zerodayinitiative.com/advisories/ZDI-17-786	Third Party Advisory VDB Entry
90	http://www.zerodayinitiative.com/advisories/ZDI-17-786	Third Party Advisory VDB Entry
91	http://www.zerodayinitiative.com/advisories/ZDI-17-787	Third Party Advisory VDB Entry
92	http://www.zerodayinitiative.com/advisories/ZDI-17-787	Third Party Advisory VDB Entry
93	http://www.zerodayinitiative.com/advisories/ZDI-17-788	Third Party Advisory VDB Entry
94	http://www.zerodayinitiative.com/advisories/ZDI-17-788	Third Party Advisory VDB Entry
95	http://www.zerodayinitiative.com/advisories/ZDI-17-791	Third Party Advisory VDB Entry
96	http://www.zerodayinitiative.com/advisories/ZDI-17-791	Third Party Advisory VDB Entry
97	http://www.zerodayinitiative.com/advisories/ZDI-17-792	Third Party Advisory VDB Entry
98	http://www.zerodayinitiative.com/advisories/ZDI-17-792	Third Party Advisory VDB Entry
99	http://www.zerodayinitiative.com/advisories/ZDI-17-793	Third Party Advisory VDB Entry
100	http://www.zerodayinitiative.com/advisories/ZDI-17-793	Third Party Advisory VDB Entry
101	http://www.zerodayinitiative.com/advisories/ZDI-17-794	Third Party Advisory VDB Entry
102	http://www.zerodayinitiative.com/advisories/ZDI-17-794	Third Party Advisory VDB Entry
103	http://www.zerodayinitiative.com/advisories/ZDI-17-795	Third Party Advisory VDB Entry
104	http://www.zerodayinitiative.com/advisories/ZDI-17-795	Third Party Advisory VDB Entry
105	http://www.zerodayinitiative.com/advisories/ZDI-17-796	Third Party Advisory VDB Entry
106	http://www.zerodayinitiative.com/advisories/ZDI-17-796	Third Party Advisory VDB Entry
107	http://www.zerodayinitiative.com/advisories/ZDI-17-797	Third Party Advisory VDB Entry
108	http://www.zerodayinitiative.com/advisories/ZDI-17-797	Third Party Advisory VDB Entry
109	http://www.zerodayinitiative.com/advisories/ZDI-17-798	Third Party Advisory VDB Entry
110	http://www.zerodayinitiative.com/advisories/ZDI-17-798	Third Party Advisory VDB Entry
111	http://www.zerodayinitiative.com/advisories/ZDI-17-799	Third Party Advisory VDB Entry
112	http://www.zerodayinitiative.com/advisories/ZDI-17-799	Third Party Advisory VDB Entry
113	http://www.zerodayinitiative.com/advisories/ZDI-17-800	Third Party Advisory VDB Entry
114	http://www.zerodayinitiative.com/advisories/ZDI-17-800	Third Party Advisory VDB Entry
115	http://www.zerodayinitiative.com/advisories/ZDI-17-801	Third Party Advisory VDB Entry
116	http://www.zerodayinitiative.com/advisories/ZDI-17-801	Third Party Advisory VDB Entry
117	http://www.zerodayinitiative.com/advisories/ZDI-17-802	Third Party Advisory VDB Entry
118	http://www.zerodayinitiative.com/advisories/ZDI-17-802	Third Party Advisory VDB Entry
119	http://www.zerodayinitiative.com/advisories/ZDI-17-803	Third Party Advisory VDB Entry
120	http://www.zerodayinitiative.com/advisories/ZDI-17-803	Third Party Advisory VDB Entry
121	http://www.zerodayinitiative.com/advisories/ZDI-17-804	Third Party Advisory VDB Entry
122	http://www.zerodayinitiative.com/advisories/ZDI-17-804	Third Party Advisory VDB Entry
123	http://www.zerodayinitiative.com/advisories/ZDI-17-805	Third Party Advisory VDB Entry
124	http://www.zerodayinitiative.com/advisories/ZDI-17-805	Third Party Advisory VDB Entry
125	http://www.zerodayinitiative.com/advisories/ZDI-17-806	Third Party Advisory VDB Entry
126	http://www.zerodayinitiative.com/advisories/ZDI-17-806	Third Party Advisory VDB Entry
127	http://www.zerodayinitiative.com/advisories/ZDI-17-808	Third Party Advisory VDB Entry
128	http://www.zerodayinitiative.com/advisories/ZDI-17-808	Third Party Advisory VDB Entry
129	http://www.zerodayinitiative.com/advisories/ZDI-17-809	Third Party Advisory VDB Entry
130	http://www.zerodayinitiative.com/advisories/ZDI-17-809	Third Party Advisory VDB Entry
131	http://www.zerodayinitiative.com/advisories/ZDI-17-810	Third Party Advisory VDB Entry
132	http://www.zerodayinitiative.com/advisories/ZDI-17-810	Third Party Advisory VDB Entry
133	https://success.trendmicro.com/solution/1118224	Mitigation Patch Vendor Advisory
134	https://success.trendmicro.com/solution/1118224	Mitigation Patch Vendor Advisory

共通脆弱性一覧

No	CWE	名前	URL
1	CWE-89	SQLインジェクション	https://cwe.mitre.org/data/definitions/89.html

JVN脆弱性情報

Trend Micro Mobile Security における SQL インジェクションの脆弱性

タイトル	Trend Micro Mobile Security における SQL インジェクションの脆弱性
概要	Trend Micro Mobile Security には、SQL インジェクションの脆弱性が存在します。
想定される影響	情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
対策	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
公表日	2017年9月13日0:00
登録日	2017年10月16日16:51
最終更新日	2019年3月4日11:23

影響を受けるシステム

トレンドマイクロ

Trend Micro Mobile Security (Enterprise) 9.7 Patch 3 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	名前	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2017-14078	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14078
National Vulnerability Database (NVD)
2	CVE-2017-14078	https://nvd.nist.gov/vuln/detail/CVE-2017-14078

CWE (共通脆弱性タイプ一覧)

No	名前	URL
JVNDB
1	CWE-89	https://jvndb.jvn.jp/ja/cwe/CWE-89.html

ベンダー情報

No	名前	URL
TrendMicro Solution
1	1118224	https://success.trendmicro.com/solution/1118224

その他

No	名前	URL
JVN
1	JVNVU#97891221	https://jvn.jp/vu/JVNVU97891221/

変更履歴

No	変更内容	変更日
0	[2017年10月16日] 掲載	2018年2月17日10:37
1	[2019年03月04日] 参考情報：JVN (JVNVU#97891221) を追加	2019年3月4日10:11