CVE-2018-3605

Name of the Vulnerable Software and Affected Versions Trend Micro Control Manager version 6.0

Description The issue is related to SQL injection remote code execution (RCE) vulnerabilities in various methods of Trend Micro Control Manager. These vulnerabilities could allow a remote attacker to execute arbitrary code on vulnerable installations. The affected methods include TopXXX, ViolationXXX, and IncidentXXX, among others.

Recommendations For Trend Micro Control Manager version 6.0, consider disabling the affected methods, such as TopXXX, ViolationXXX, and IncidentXXX, until a patch is available. Restrict access to the vulnerable SQL injection endpoints to minimize the risk of exploitation. Avoid using vulnerable parameters or variables in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.