You are here

U-270:Trend Micro Control Manager Input Validation Flaw in Ad Hoc Query Module Lets Remote Users Inject SQL Commands

September 28, 2012 - 6:00am

Addthis

PROBLEM:

Trend Micro Control Manager Input Validation Flaw in Ad Hoc Query Module Lets Remote Users Inject SQL Commands

PLATFORM:

Control Manager - 3.0, 3.5, 5.0, 5.5, 6.0

ABSTRACT:

Trend Micro has been notified of a potential product vulnerability in Control Manager.

reference LINKS:

Trend Micro Technical Support ID 1061043
SecurityTracker Alert ID:  1027584
Secunia Advisory SA50760
CVE-2012-2998

IMPACT ASSESSMENT:

Medium

Discussion:

A vulnerability has been reported in Trend Micro Control Manager, which can be exploited by malicious users to conduct SQL injection attacks.

Impact:

A remote user can execute SQL commands on the underlying database.

Solution:

The vendor has issued a fix.

For 5.5: Critical Patch - Build 1823
For 6.0: Critical Patch - Build 1449

Addthis