PROBLEM:
Trend Micro Control Manager Input Validation Flaw in Ad Hoc Query Module Lets Remote Users Inject SQL Commands
PLATFORM:
Control Manager - 3.0, 3.5, 5.0, 5.5, 6.0
ABSTRACT:
Trend Micro has been notified of a potential product vulnerability in Control Manager.
reference LINKS:
Trend Micro Technical Support ID 1061043
SecurityTracker Alert ID: 1027584
Secunia Advisory SA50760
CVE-2012-2998
IMPACT ASSESSMENT:
Medium
Discussion:
A vulnerability has been reported in Trend Micro Control Manager, which can be exploited by malicious users to conduct SQL injection attacks.
Impact:
A remote user can execute SQL commands on the underlying database.
Solution:
For 5.5: Critical Patch - Build 1823
For 6.0: Critical Patch - Build 1449