CVE-2012-2998

EUVD-2012-2976
SQL injection vulnerability in the ad hoc query module in Trend Micro Control Manager (TMCM) before 5.5.0.1823 and 6.0 before 6.0.0.1449 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
Affected Products (NVD)
VendorProductVersion
trend_microcontrol_manager
𝑥
≤ 5.5
trend_microcontrol_manager
2.0
trend_microcontrol_manager
2.1
trend_microcontrol_manager
2.5
trend_microcontrol_manager
3.0
trend_microcontrol_manager
3.0
trend_microcontrol_manager
3.5
trend_microcontrol_manager
3.5
trend_microcontrol_manager
5.0
trend_microcontrol_manager
5.0
trend_microcontrol_manager
5.5
trend_microcontrol_manager
6.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://esupport.trendmicro.com/solution/en-us/1061043.aspx
http://jvn.jp/en/jp/JVN42014489/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2012-000090
http://www.kb.cert.org/vuls/id/950795
http://www.securitytracker.com/id?1027584
http://www.spentera.com/2012/09/trend-micro-control-manager-sql-injection-vulnerability/
http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_TMCM55_1823.txt
http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_tmcm60_patch1_1449.txt
http://esupport.trendmicro.com/solution/en-us/1061043.aspx
http://jvn.jp/en/jp/JVN42014489/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2012-000090
http://www.kb.cert.org/vuls/id/950795
http://www.securitytracker.com/id?1027584
http://www.spentera.com/2012/09/trend-micro-control-manager-sql-injection-vulnerability/
http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_TMCM55_1823.txt
http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_tmcm60_patch1_1449.txt