Critical patch available for SQL injection attacks in Control Manager (TMCM)

Support
Solution ID Last Updated
1061043 Jul. 18, 2013 2:04 AM (PST)


Product / Version Platform
Control Manager - 5.0, 5.5, 6.0;
Windows - 2000 Advanced Server, 2000 Server, 2003 Enterprise, 2003 Server R2, 2003 Standard, 2008 Enterprise, 2008 Enterprise 64-bit, 2008 Server R2, 2008 Standard, 2008 Standard 64-bit

Problem Description

Trend Micro has been notified of a potential product vulnerability in TMCM. CERT first reported that the vulnerability enables SQL injection attacks, allowing remote attackers to execute SQL commands to upload and execute arbitrary code that may harm the target system.

Solution

Trend Micro confirmed that this is a product vulnerability and affects TMCM 6.0 and other versions. Trend Micro filters user-supplied inputs to ensure all strings does not contain any damage commands before execution.
Here are the critical patches for this vulnerability:


Rate this Solution
Did this article help you?

Please provide your comments to help us improve this solution.

 
  *This form is an automated system. General questions, technical, sales and product-related issues submitted through this form will not be answered.
 
 

Connect with us on