Vulnerabilites related to Trend Micro, Inc. - Trend Micro Control Manager
jvndb-2017-002290
Vulnerability from jvndb
Published
2018-01-17 16:15
Modified
2018-01-17 16:15
Summary
Trend Micro Control Manager vulnerable to SQL injection
Details
Trend Micro Control Manager contains multiple SQL injection vulnerabilities.
This advisory refers to the vulnerabilities that are disclosed on the TippingPoint Zero Day Initiative advisories listed below.
TippingPoint Zero Day Initiative
http://www.zerodayinitiative.com/advisories/published/
ZDI-17-180, ZDI-17-181, ZDI-17-182, ZDI-17-183, ZDI-17-184, ZDI-17-185, ZDI-17-186
References
| ► | Type | URL | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| ► | Vendor | Product |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-002290.html",
"dc:date": "2018-01-17T16:15+09:00",
"dcterms:issued": "2018-01-17T16:15+09:00",
"dcterms:modified": "2018-01-17T16:15+09:00",
"description": "Trend Micro Control Manager contains multiple SQL injection vulnerabilities.\r\n\r\nThis advisory refers to the vulnerabilities that are disclosed on the TippingPoint Zero Day Initiative advisories listed below. \r\n\r\nTippingPoint Zero Day Initiative\r\nhttp://www.zerodayinitiative.com/advisories/published/\r\n\r\nZDI-17-180, ZDI-17-181, ZDI-17-182, ZDI-17-183, ZDI-17-184, ZDI-17-185, ZDI-17-186",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-002290.html",
"sec:cpe": {
"#text": "cpe:/a:trendmicro:control_manager",
"@product": "Trend Micro Control Manager",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
"sec:identifier": "JVNDB-2017-002290",
"sec:references": [
{
"#text": "http://jvn.jp/en/vu/JVNVU91290407/index.html",
"@id": "JVNVU#91290407",
"@source": "JVN"
},
{
"#text": "http://www.zerodayinitiative.com/advisories/published/",
"@id": "Zero Day Initiative",
"@source": "Related Information"
},
{
"#text": "http://www.zerodayinitiative.com/advisories/ZDI-17-180/",
"@id": "ZDI-17-180",
"@source": "Related Information"
},
{
"#text": "http://www.zerodayinitiative.com/advisories/ZDI-17-181/",
"@id": "ZDI-17-181",
"@source": "Related Information"
},
{
"#text": "http://www.zerodayinitiative.com/advisories/ZDI-17-182/",
"@id": "ZDI-17-182",
"@source": "Related Information"
},
{
"#text": "http://www.zerodayinitiative.com/advisories/ZDI-17-183/",
"@id": "ZDI-17-183",
"@source": "Related Information"
},
{
"#text": "http://www.zerodayinitiative.com/advisories/ZDI-17-184/",
"@id": "ZDI-17-184",
"@source": "Related Information"
},
{
"#text": "http://www.zerodayinitiative.com/advisories/ZDI-17-185/",
"@id": "ZDI-17-185",
"@source": "Related Information"
},
{
"#text": "http://www.zerodayinitiative.com/advisories/ZDI-17-186/",
"@id": "ZDI-17-186",
"@source": "Related Information"
}
],
"title": "Trend Micro Control Manager vulnerable to SQL injection"
}
jvndb-2012-000090
Vulnerability from jvndb
Published
2012-09-27 12:43
Modified
2012-09-27 12:43
Summary
Trend Micro Control Manager vulnerable to SQL injection
Details
Trend Micro Control Manager contains a SQL injection vulnerability.
Trend Micro Control Manager contains a vulnerability in the ad hoc query module, which may result in SQL injection.
Tom Gregory and Mada R Perdhana of Spentera reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| ► | Vendor | Product |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000090.html",
"dc:date": "2012-09-27T12:43+09:00",
"dcterms:issued": "2012-09-27T12:43+09:00",
"dcterms:modified": "2012-09-27T12:43+09:00",
"description": "Trend Micro Control Manager contains a SQL injection vulnerability.\r\n\r\nTrend Micro Control Manager contains a vulnerability in the ad hoc query module, which may result in SQL injection.\r\n\r\nTom Gregory and Mada R Perdhana of Spentera reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000090.html",
"sec:cpe": {
"#text": "cpe:/a:trendmicro:control_manager",
"@product": "Trend Micro Control Manager",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "6.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2012-000090",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN42014489/index.html",
"@id": "JVN#42014489",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2998",
"@id": "CVE-2012-2998",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2998",
"@id": "CVE-2012-2998",
"@source": "NVD"
},
{
"#text": "http://www.kb.cert.org/vuls/id/950795",
"@id": "VU#950795",
"@source": "CERT-VN"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-89",
"@title": "SQL Injection(CWE-89)"
}
],
"title": "Trend Micro Control Manager vulnerable to SQL injection"
}