Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name	APP:TRENDMICRO-SQLI
Severity	Minor
Recommended	Yes
Recommended Action	Drop
Category	APP
Keywords	Trend Micro Control Manager SQL Injection
Release Date	2017/09/05
Update Number	2986
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

APP: Trend Micro Control Manager SQL Injection

A SQL injection vulnerability has been reported in Trend Micro Control Manager. Successful exploitation of this vulnerability, in conjunction with other vulnerabilities, could lead to code execution under the security context of the database.

Extended Description

SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x6b1b due to lack of proper user input validation in cmdHandlerStatusMonitor.dll. Formerly ZDI-CAN-4545.

Affected Products

Trendmicro control_manager 6.0

References

CVE: CVE-2017-11385
URL: https://success.trendmicro.com/solution/1117722

Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

APP: Trend Micro Control Manager SQL Injection

Extended Description

Affected Products

References