CVE-2018-3607

Name of the Vulnerable Software and Affected Versions Trend Micro Control Manager version 6.0

Description The issue allows a remote attacker to execute arbitrary code on vulnerable installations due to SQL injection remote code execution vulnerabilities in the XXXTreeNode method. This can be exploited through specific function calls, such as ClearSelectedTreeNode, sp DeleteSelectedTreeNodesByRefKey, and InsertSelectedTreeNodeWithACL.

Recommendations For Trend Micro Control Manager version 6.0, consider disabling the XXXTreeNode method and related functions ClearSelectedTreeNode, sp DeleteSelectedTreeNodesByRefKey, and InsertSelectedTreeNodeWithACL until a patch is available. Restrict access to these vulnerable functions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.