CVE-2012-2998

SQL injection vulnerability in the ad hoc query module in Trend Micro Control Manager (TMCM) before 5.5.0.1823 and 6.0 before 6.0.0.1449 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
certccCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
VendorProductVersion
trend_microcontrol_manager
𝑥
≤ 5.5
trend_microcontrol_manager
2.0
trend_microcontrol_manager
2.1
trend_microcontrol_manager
2.5
trend_microcontrol_manager
3.0
trend_microcontrol_manager
3.0
trend_microcontrol_manager
3.5
trend_microcontrol_manager
3.5
trend_microcontrol_manager
5.0
trend_microcontrol_manager
5.0
trend_microcontrol_manager
5.5
trend_microcontrol_manager
6.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://esupport.trendmicro.com/solution/en-us/1061043.aspx
http://jvn.jp/en/jp/JVN42014489/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2012-000090
http://www.kb.cert.org/vuls/id/950795
http://www.securitytracker.com/id?1027584
http://www.spentera.com/2012/09/trend-micro-control-manager-sql-injection-vulnerability/
http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_TMCM55_1823.txt
http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_tmcm60_patch1_1449.txt
http://esupport.trendmicro.com/solution/en-us/1061043.aspx
http://jvn.jp/en/jp/JVN42014489/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2012-000090
http://www.kb.cert.org/vuls/id/950795
http://www.securitytracker.com/id?1027584
http://www.spentera.com/2012/09/trend-micro-control-manager-sql-injection-vulnerability/
http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_TMCM55_1823.txt
http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_tmcm60_patch1_1449.txt