In association with heise online

01 October 2012, 19:13

SQL injection in Trend Micro's Control Manager


Of all things, Trend Micro's platform for centralised security management is vulnerable to SQL injection attacks. According to US-CERT, versions 5.5 and 6.0 of the Trend Micro Control Manager are vulnerable. The company has provided patches for both affected versions.

The vulnerability is a blind SQL injection, which means the web frontend does not divulge any information from the database directly. According to a report by security consulting firm Spentera, which includes a proof-of-concept, the vulnerable system can be made to leak information such as password hashes by analysing the timing of SQL queries.
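Because a timing-based attack leaves nothing in the response body, the access log is where it shows up. The following is an added detection sketch, not code from the article, Spentera's report or Trend Micro; the log format, paths, addresses and thresholds are all assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample lines in a hypothetical log format:
#   client "METHOD url PROTO" status response_seconds
# The condition inside IF(...) is deliberately elided.
SAMPLE_LOG = """\
10.0.0.5 "GET /app/report?id=12 HTTP/1.1" 200 0.041
10.0.0.9 "GET /app/report?id=12%3BIF(...)+WAITFOR+DELAY+'0:0:5'-- HTTP/1.1" 200 5.038
10.0.0.9 "GET /app/report?id=12%3BIF(...)+WAITFOR+DELAY+'0:0:5'-- HTTP/1.1" 200 0.052
10.0.0.9 "GET /app/report?id=12%3BIF(...)+WAITFOR+DELAY+'0:0:5'-- HTTP/1.1" 200 5.021
10.0.0.7 "GET /app/export?fmt=csv HTTP/1.1" 200 6.310
10.0.0.5 "GET /app/search?q=sleep+tracker HTTP/1.1" 200 0.090
"""

LINE_RE = re.compile(r'^(\S+) "\S+ (\S+) [^"]*" (\d{3}) ([\d.]+)$')

# Delay primitives of common database engines, matched after URL-decoding.
DELAY_RE = re.compile(
    r"waitfor\s+delay|\bsleep\s*\(|\bpg_sleep\s*\(|\bbenchmark\s*\(",
    re.IGNORECASE,
)

def find_timing_probes(log_text, slow_threshold=3.0, min_hits=2):
    """Return clients that repeatedly sent a delay primitive in the URL.

    For each such client the slow/fast split is reported: a mix of slow and
    fast answers to near-identical requests is what a timing side channel
    looks like from the server side.
    """
    stats = defaultdict(lambda: {"slow": 0, "fast": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        client, url, _status, secs = m.groups()
        if DELAY_RE.search(unquote_plus(url)):
            bucket = "slow" if float(secs) >= slow_threshold else "fast"
            stats[client][bucket] += 1
    return {c: s for c, s in stats.items() if s["slow"] + s["fast"] >= min_hits}

if __name__ == "__main__":
    for client, s in find_timing_probes(SAMPLE_LOG).items():
        print(f"{client}: {s['slow']} slow / {s['fast']} fast delay-bearing requests")
```

A slow request alone (the export from 10.0.0.7) and a harmless use of the word "sleep" in a search term are both left unflagged; only the combination of a delay primitive and repetition is reported.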

