Trend Micro Control Manager 6.x < 6.0 SP3 Hotfix 3328 Multiple Vulnerabilities
Medium Nessus Plugin ID 93482
Synopsis
A security management application installed on the remote host is affected by multiple vulnerabilities.
Description
According to its version, the Trend Micro Control Manager application installed on the remote Windows host is 6.x prior to 6.0 SP 3 Hotfix 3328 (220.127.116.1128). It is, therefore, affected by the following vulnerabilities:
- A directory traversal vulnerability exists in the task_controller.php script due to improper sanitization of user-supplied input to the 'url' parameter. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to disclose arbitrary files. (VulnDB 142765)
- A flaw exists in the AdHocQuery_SelectView.aspx script due to improper sanitization of user-supplied input before executing XML queries. An authenticated, remote attacker can exploit this to inject XPATH content, resulting in gaining access to sensitive information.
- Multiple XML external entity (XXE) injection vulnerabilities exist due to an incorrectly configured XML parser accepting XML external entities from untrusted sources. Specifically, these issues occur in the DeploymentPlan_Event_Handler.aspx, ProductTree.aspx, and TreeUserControl_process_tree_event.aspx scripts. An authenticated, remote attacker can exploit these issues, via specially crafted XML data, to gain access to sensitive information. (VulnDB 142767, 142768, 142769)
- Multiple SQL injection (SQLi) vulnerabilities exist due to improper sanitization of user-supplied input before using it in SQL queries. Specifically, these issues occur in the AdHocQuery_CustomProfiles.aspx and cgiCMUIDispatcher.exe scripts. An authenticated, remote attacker can exploit these issues to inject SQL queries against the back-end database, resulting in the disclosure or manipulation of arbitrary data. Moreover, the attacker can exploit these issues to inject PHP payloads, which can then be called and executed. (VulnDB 142770, 142771)
Solution
Upgrade to Trend Micro Control Manager version 6.0 SP3 Hotfix 3328 or later.
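To turn the affected range above into a repeatable inventory check, here is an added Python example (not Tenable's plugin code) that parses a Control Manager build string of the form "6.0 SP3 Hotfix 3328" and reports whether it is a 6.x build older than the fixed release. It assumes the installed version is available in that textual form and that hotfix numbers increase monotonically within a service pack.

```python
import re

# Fixed release named in the plugin: Control Manager 6.0 SP3 Hotfix 3328.
# Represented as (major, minor, service pack, hotfix) for tuple comparison.
FIXED_VERSION = (6, 0, 3, 3328)

# Accepts "6.0", "6.0 SP2", "6.0 SP 3 Hotfix 3328" and similar spellings
# (assumed format; the page does not define the exact version syntax).
_VERSION_RE = re.compile(
    r"^\s*(?P<major>\d+)\.(?P<minor>\d+)"
    r"(?:\s*SP\s*(?P<sp>\d+))?"
    r"(?:\s*Hotfix\s*(?P<hotfix>\d+))?\s*$",
    re.IGNORECASE,
)


def parse_tmcm_version(text: str) -> tuple[int, int, int, int]:
    """Parse a Control Manager build string into a comparable tuple.

    A missing service pack or hotfix component is treated as 0, i.e. an
    unpatched base release, which sorts before any patched build.
    """
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised Control Manager version string: {text!r}")
    return (
        int(m["major"]),
        int(m["minor"]),
        int(m["sp"] or 0),
        int(m["hotfix"] or 0),
    )


def is_affected(text: str) -> bool:
    """True when the build is a 6.x release older than 6.0 SP3 Hotfix 3328.

    Only the 6.x branch is in scope of this plugin; other major versions
    are reported as not affected by this particular check.
    """
    version = parse_tmcm_version(text)
    return version[0] == 6 and version < FIXED_VERSION
```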