SQL Injection Vulnerability in Trend Micro Control Manager Products
CVE-2012-2998

Currently unrated

Key Information:

Vendor: Trend Micro
Status: Control Manager
Vendor: CVE Published:; 28 September 2012

Summary

The vulnerability in the ad hoc query module of Trend Micro Control Manager allows attackers to perform SQL injection attacks. This flaw gives remote attackers the capability to execute arbitrary SQL commands, potentially leading to unauthorized data access or manipulation. The affected versions include those prior to 5.5.0.1823 and 6.0.0.1449. It is essential for users of these products to apply the necessary patches to mitigate risks associated with this vulnerability.

References

http://www.spentera.com/2012/09/trend-micro-control-manag...

x_refsource_MISC

http://jvndb.jvn.jp/jvndb/JVNDB-2012-000090

third-party-advisoryx_refsource_JVNDB

http://www.trendmicro.com/ftp/documentation/readme/readme...

x_refsource_CONFIRM

EPSS Score

9% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 28, 2012
Vulnerability Reserved
May 30, 2012