CNVD-2016-06565

Vulnerability from cnvd - Published: 2016-08-23
VLAI Severity ?
Title
Trend Micro Control Manager存在多个SQL注入漏洞
Description
Trend Micro Control Manager(TMCM)是美国趋势科技(Trend Micro)公司的一套集成了威胁检测和数据保护的管理中心软件。 Trend Micro Control Manager存在多个SQL注入漏洞。允许攻击者利用漏洞获取在底层数据库。
Severity
Patch Name
Trend Micro Control Manager存在多个SQL注入漏洞的补丁
Patch Description
Trend Micro Control Manager(TMCM)是美国趋势科技(Trend Micro)公司的一套集成了威胁检测和数据保护的管理中心软件。 Trend Micro Control Manager存在多个SQL注入漏洞。允许攻击者利用漏洞获取在底层数据库。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description

用户可参考如下供应商提供的安全公告获得补丁信息: http://esupport.trendmicro.com/solution/en-US/1114749.aspx

Reference
http://www.securityfocus.com/bid/92363
Impacted products
Name
Trend Micro Control Manager 6.0
Show details on source website
To clipboard 

{
  "bids": {
    "bid": {
      "bidNumber": "92363"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-6220"
    }
  },
  "description": "Trend Micro Control Manager\uff08TMCM\uff09\u662f\u7f8e\u56fd\u8d8b\u52bf\u79d1\u6280\uff08Trend Micro\uff09\u516c\u53f8\u7684\u4e00\u5957\u96c6\u6210\u4e86\u5a01\u80c1\u68c0\u6d4b\u548c\u6570\u636e\u4fdd\u62a4\u7684\u7ba1\u7406\u4e2d\u5fc3\u8f6f\u4ef6\u3002\r\n\r\nTrend Micro Control Manager\u5b58\u5728\u591a\u4e2aSQL\u6ce8\u5165\u6f0f\u6d1e\u3002\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u83b7\u53d6\u5728\u5e95\u5c42\u6570\u636e\u5e93\u3002",
  "discovererName": "k0rpr1t_z0mb1e working with Trend Micro\u00e2??s Zero Day Initiative (ZDI),rgod working with Trend Micro\u00e2??s Zero Day Initiative (ZDI),Spyridon Chatzimichail of OTE Hellenic Mobile Telecommunications S.A.",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://esupport.trendmicro.com/solution/en-US/1114749.aspx",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-06565",
  "openTime": "2016-08-23",
  "patchDescription": "Trend Micro Control Manager\uff08TMCM\uff09\u662f\u7f8e\u56fd\u8d8b\u52bf\u79d1\u6280\uff08Trend Micro\uff09\u516c\u53f8\u7684\u4e00\u5957\u96c6\u6210\u4e86\u5a01\u80c1\u68c0\u6d4b\u548c\u6570\u636e\u4fdd\u62a4\u7684\u7ba1\u7406\u4e2d\u5fc3\u8f6f\u4ef6\u3002\r\n\r\nTrend Micro Control Manager\u5b58\u5728\u591a\u4e2aSQL\u6ce8\u5165\u6f0f\u6d1e\u3002\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u83b7\u53d6\u5728\u5e95\u5c42\u6570\u636e\u5e93\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Trend Micro Control Manager\u5b58\u5728\u591a\u4e2aSQL\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Trend Micro Control Manager 6.0"
  },
  "referenceLink": "http://www.securityfocus.com/bid/92363",
  "serverity": "\u9ad8",
  "submitTime": "2016-08-23",
  "title": "Trend Micro Control Manager\u5b58\u5728\u591a\u4e2aSQL\u6ce8\u5165\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.