Short Name |
APP:TRENDMICRO-SQLI |
---|---|
Severity |
Minor |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
APP |
Keywords |
Trend Micro Control Manager SQL Injection |
Release Date |
2017/09/05 |
Update Number |
2986 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
A SQL injection vulnerability has been reported in Trend Micro Control Manager. Successful exploitation of this vulnerability, in conjunction with other vulnerabilities, could lead to code execution under the security context of the database.
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x6b1b due to lack of proper user input validation in cmdHandlerStatusMonitor.dll. Formerly ZDI-CAN-4545.