CVE-2018-3603

Name of the Vulnerable Software and Affected Versions Trend Micro Control Manager version 6.0

Description A SQL injection remote code execution issue in the CGGIServlet component could allow a remote attacker to execute arbitrary code on vulnerable installations. This issue is related to the ID QUERY COMMAND TRACKING USER ID parameter.

Recommendations For Trend Micro Control Manager version 6.0, apply the necessary patch or update to fix the CGGIServlet SQL injection remote code execution issue. As a temporary workaround, consider restricting access to the CGGIServlet component to minimize the risk of exploitation. Avoid using the ID QUERY COMMAND TRACKING USER ID parameter in the affected API endpoint until the issue is resolved.