[Japanese]
|
JVNDB-2017-002290
|
Trend Micro Control Manager vulnerable to SQL injection
|
Trend Micro Control Manager contains multiple SQL injection vulnerabilities.
This advisory refers to the vulnerabilities that are disclosed on the TippingPoint Zero Day Initiative advisories listed below.
TippingPoint Zero Day Initiative
http://www.zerodayinitiative.com/advisories/published/
ZDI-17-180, ZDI-17-181, ZDI-17-182, ZDI-17-183, ZDI-17-184, ZDI-17-185, ZDI-17-186
|
|
|
Trend Micro, Inc.
- Trend Micro Control Manager Version 6.0 prior to build 3506
|
|
* An unauthenticated user may access and read files stored on the server
* A remote attacker may execute arbitrary code, escalate privilege or perform directory traversal attacks
* A remote attacker may cause SQL injection attacks and upload/execute arbitrary code
|
[Apply the Patch]
Apply the patch according to the information provided by the developer.
The developer has released Trend Micro Control Manager 6.0 Service Pack 3 Patch 2 Critical Patch (build 3506) to address these vulnerabilities.
|
Trend Micro, Inc.
|
|
|
- JVN : JVNVU#91290407
- Related Information : Zero Day Initiative
- Related Information : ZDI-17-180
- Related Information : ZDI-17-181
- Related Information : ZDI-17-182
- Related Information : ZDI-17-183
- Related Information : ZDI-17-184
- Related Information : ZDI-17-185
- Related Information : ZDI-17-186
|
- [2018/01/17]
Web page was published
|