Trend Micro Control Manager sCloudService GetPassword SQL Injection (CVE-2018-3604)

An SQL injection vulnerability exists in the Trend Micro Control Manager. The vulnerability is due to improper validation of user-supplied input on SOAP sCloudService requests invoking the GetPassword method. Successful exploitation of the vulnerability could allow the attacker to execute arbitra...

Trend Micro Control Manager sCloudService GetPassword SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GetPassword method, which is called by the sCloudService servlet. The...

Trend Micro Control Manager sCloudService GetProductServerType SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...