SQL Injection in Trend_micro Control_manager

CVE-2012-2998

SQL injection vulnerability in the ad hoc query module in Trend Micro Control Manager (TMCM) before 5.5.0.1823 and 6.0 before 6.0.0.1449 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Vulnerability class: SQL Injection

EPSS: 0.107 (93.5th percentile) — read the EPSS interpretation.

Affected products

Trend_micro Control_manager — versions 2.0, 2.1, 2.5
N/a — versions n/a

Weakness classification (CWE)

CWE-89 — SQL Injection

References

cret@cert.org (Patch, x_refsource_MISC)
JVNDB-2012-000090 (x_refsource_JVNDB, Patch, third-party-advisory)
cret@cert.org (x_refsource_CONFIRM, Patch)
1027584 (vdb-entry, x_refsource_SECTRACK)
cret@cert.org (x_refsource_CONFIRM, Patch)
VU#950795 (x_refsource_CERT-VN, US Government Resource, third-party-advisory)
cret@cert.org (x_refsource_CONFIRM, Vendor Advisory)
JVN#42014489 (Patch, x_refsource_JVN, third-party-advisory)