Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-2998

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2012-2998
Last Modified 13 Feb 2013 11:53:48
Published 28 Sep 2012 06:40:21
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-2998

Summary

SQL injection vulnerability in the ad hoc query module in Trend Micro Control Manager (TMCM) before 5.5.0.1823 and 6.0 before 6.0.0.1449 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Vulnerable Systems

Application

  • Trend Micro Control Manager 2.0

  • Trend Micro Control Manager 2.1

  • Trend Micro Control Manager 2.5

  • Trend Micro Control Manager 3.0

  • Trend Micro Control Manager 3.5

  • Trend Micro Control Manager 5.0

  • Trend Micro Control Manager 5.5

  • Trend Micro Control Manager 6.0


References

CERT-VN - VU#950795

CONFIRM - http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_tmcm60_patch1_1449.txt

CONFIRM - http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_TMCM55_1823.txt

MISC - http://www.spentera.com/2012/09/trend-micro-control-manager-sql-injection-vulnerability/

JVNDB - JVNDB-2012-000090

JVN - JVN#42014489

CONFIRM - http://esupport.trendmicro.com/solution/en-us/1061043.aspx

SECTRACK - 1027584


Last Updated: 27 May 2016 11:01:50