PT-2017-11974 · Trend Micro · Trend Micro Control Manager

Published: 2017-07-31 · Updated: 2017-08-06 · CVE-2017-11388

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Trend Micro Control Manager version 6.0

Description: SQL injection in the RestfulServiceUtility.NET.dll component, which fails to properly validate user-provided strings before using them to construct SQL queries, leading to remote code execution.

Recommendations: For Trend Micro Control Manager version 6.0, update the software to a version that properly validates user input to prevent SQL injection attacks.

Fix

RCE

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2017-11388
ZDI-17-498
ZDI-17-499

Affected Products

Trend Micro Control Manager