Trend Micro Control Manager GetPassword() SQLi

High Nessus Plugin ID 110766

Synopsis

A web application running on the remote host is affected by a SQL injection vulnerability.

Description
The Trend Micro Control Manager running on the remote host is affected
by a SQL injection vulnerability when processing an HTTP request, due to
a lack of proper validation of a user-supplied string before it is used
to construct SQL queries. An unauthenticated, remote attacker can exploit
this issue, via a specially crafted HTTP request, to execute code in the
context of the Network Service account.

Note that Trend Micro Control Manager is reportedly affected by
additional vulnerabilities; however, this plugin has not tested for

Solution
Upgrade to Trend Micro Control Manager version 6.0 build 3748 / 7.0 or later.

Note that version 6.0 build 3748 requires version 6.0 SP3 Patch 3 as a

Plugin Details

Severity: High

ID: 110766

File Name: trendmicro_control_manager_cve-2018-3064.nasl

Version: 1.2

Type: remote

Family: CGI abuses

Published: 2018/06/28

Modified: 2018/09/17

Dependencies: 97225

Risk Information

Risk Factor: High

CVSS Score Source: manual

CVSS Score Rationale: SQLi RCE is achievable with the default TMCM configuration and runs as the Network Service account

CVSS v2.0

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3.0

Base Score: 7.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Vulnerability Information

CPE: cpe:/a:trend_micro:control_manager

Patch Publication Date: 2018/01/09

Vulnerability Publication Date: 2018/01/09

Reference Information

CVE: CVE-2018-3604

ZDI: ZDI-18-067