[Japanese]
|
JVNDB-2012-000090
|
Trend Micro Control Manager vulnerable to SQL injection
|
Trend Micro Control Manager contains a SQL injection vulnerability.
Trend Micro Control Manager contains a vulnerability in the ad hoc query module, which may result in SQL injection.
Tom Gregory and Mada R Perdhana of Spentera reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
|
CVSS V2 Severity: Base Metrics 6.5 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: Low
- Authentication: Single Instance
- Confidentiality Impact: Partial
- Integrity Impact: Partial
- Availability Impact: Partial
|
|
Trend Micro, Inc.
- Trend Micro Control Manager prior to 6.0.0.1449 (English version)
- Trend Micro Control Manager prior to 5.5.0.1823 (English version)
- Trend Micro Control Manager prior to 5.5.0.1823 (Japanese version)
|
|
An arbitrary SQL command may be executed in the backend database the product is referencing.
|
[Apply a patch]
Apply the appropriate patch according to the information provided by the developer.
|
Trend Micro, Inc.
|
- SQL Injection(CWE-89) [IPA Evaluation]
|
- CVE-2012-2998
|
- JVN : JVN#42014489
- National Vulnerability Database (NVD) : CVE-2012-2998
- US-CERT Vulnerability Note : VU#950795
|
- [2012/09/27]
Web page was published
|