PT-2018-16090 · Trend Micro · Trend Micro Control Manager

Mr_Me +1 · Published 2018-01-10 · Updated 2018-02-27 · CVE-2018-3606

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Trend Micro Control Manager version 6.0

Description

The issue concerns SQL injection and remote code execution vulnerabilities in various methods of Trend Micro Control Manager. These vulnerabilities could allow a remote attacker to execute arbitrary code on vulnerable installations. The affected methods include XXXStatusXXX, XXXSummary, TemplateXXX, and XXXCompliance, among others.

Recommendations

For Trend Micro Control Manager version 6.0, update to a version that includes the fix for the SQL injection and remote code execution vulnerabilities. As a temporary workaround, consider restricting access to the vulnerable methods until a patch is available. Avoid using user-input data in the affected SQL queries to minimize the risk of exploitation.

Fix

RCE

SQL injection


Weakness Enumeration

Related identifiers

CVE-2018-3606
ZDI-18-083
ZDI-18-085
ZDI-18-086
ZDI-18-089
ZDI-18-091
ZDI-18-092
ZDI-18-093
ZDI-18-099
ZDI-18-100
ZDI-18-101
ZDI-18-103
ZDI-18-104
ZDI-18-105
ZDI-18-106
ZDI-18-107
ZDI-18-108
ZDI-18-110

Affected products

Trend Micro Control Manager