Vulnerability Description
SQL injection in Trend Micro Control Manager 6.0 leads to remote code execution when RestfulServiceUtility.NET.dll does not properly validate user-provided strings before constructing SQL queries. Formerly ZDI-CAN-4639 and ZDI-CAN-4638.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Trendmicro | Control Manager | 6.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/100078
- http://www.securitytracker.com/id/1039049
- http://www.zerodayinitiative.com/advisories/ZDI-17-498 (Third Party Advisory, VDB Entry)
- http://www.zerodayinitiative.com/advisories/ZDI-17-499 (Third Party Advisory, VDB Entry)
- https://success.trendmicro.com/solution/1117722 (Patch, Vendor Advisory)
FAQ
What is CVE-2017-11388?
CVE-2017-11388 is a vulnerability with a CVSS score of 8.8 (HIGH). SQL injection in Trend Micro Control Manager 6.0 leads to remote code execution when RestfulServiceUtility.NET.dll does not properly validate user-provided strings before constructing SQL queries. Former...
How severe is CVE-2017-11388?
CVE-2017-11388 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-11388?
Check the references section above for vendor advisories and patch information. Affected products include: Trendmicro Control Manager.