Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2012-2998

SQL injection vulnerability in the ad hoc query module in Trend Micro Control Manager (TMCM) before 5.5.0.1823 and 6.0 before 6.0.0.1449 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Published

2012-09-28T10:40:21.727

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-89

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	trend_micro	control_manager	≤ 5.5	Yes
Application	trend_micro	control_manager	2.0	Yes
Application	trend_micro	control_manager	2.1	Yes
Application	trend_micro	control_manager	2.5	Yes
Application	trend_micro	control_manager	3.0	Yes
Application	trend_micro	control_manager	3.0	Yes
Application	trend_micro	control_manager	3.5	Yes
Application	trend_micro	control_manager	3.5	Yes
Application	trend_micro	control_manager	5.0	Yes
Application	trend_micro	control_manager	5.0	Yes
Application	trend_micro	control_manager	5.5	Yes
Application	trend_micro	control_manager	6.0	Yes

References

http://esupport.trendmicro.com/solution/en-us/1061043.aspx Vendor Advisory ([email protected])
http://jvn.jp/en/jp/JVN42014489/index.html Patch ([email protected])
http://jvndb.jvn.jp/jvndb/JVNDB-2012-000090 Patch ([email protected])
http://www.kb.cert.org/vuls/id/950795 US Government Resource ([email protected])
http://www.securitytracker.com/id?1027584 ([email protected])
http://www.spentera.com/2012/09/trend-micro-control-manager-sql-injection-vulnerability/ Patch ([email protected])
http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_TMCM55_1823.txt Patch ([email protected])
http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_tmcm60_patch1_1449.txt Patch ([email protected])
http://esupport.trendmicro.com/solution/en-us/1061043.aspx Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://jvn.jp/en/jp/JVN42014489/index.html Patch (af854a3a-2127-422b-91ae-364da2661108)
http://jvndb.jvn.jp/jvndb/JVNDB-2012-000090 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/950795 US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1027584 (af854a3a-2127-422b-91ae-364da2661108)
http://www.spentera.com/2012/09/trend-micro-control-manager-sql-injection-vulnerability/ Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_TMCM55_1823.txt Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_tmcm60_patch1_1449.txt Patch (af854a3a-2127-422b-91ae-364da2661108)