virus logo Intrusion Prevention

Trend.Micro.Control.Manager.ad.hoc.query.Module.SQL.Injection

description-logoDescription

This indicates an attack attempt to exploit a SQL Injection vulnerability in Trend Micro Control Manager.
The vulnerability is a result of the application's failure to properly sanitize user input passed to the "id" parameter before using it in a SQL query. A remote attacker can exploit this to send a crafted query to execute SQL commands on a vulnerable server.

affected-products-logoAffected Products

Trend Micro Control Manager 5.5 prior to 5.5.0.1823
Trend Micro Control Manager 6 prior to 6.0.0.1449

Impact logoImpact

System Compromise: Remote attackers can add, view, delete or modify data in the database of the affected application

recomended-action-logoRecommended Actions

Apply patch available from the website.
http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_TMCM55_1823.txt
http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_tmcm60_patch1_1449.txt

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2023-08-01 25.612 Name:TrendMicro.
Control.
Manager.
ad.
hoc.
query.
Module.
SQL.
Injection:Trend.
Micro.
Control.
Manager.
ad.
hoc.
query.
Module.
SQL.
Injection

References

http://www.spentera.com/2012/09/trend-micro-control-manager-sql-injection-vulnerability/ http://www.exploit-db.com/exploits/21546/
ID 33433
Created Oct 23, 2012
Updated Jul 31, 2023
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
CVE ID CVE-2012-2998
Exploit Prediction Score 4.52%
Default Action drop
Active
Affected OS Windows
Affected App ASP_app