This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro Control Manager. Authentication is required to exploit this vulnerability.
The specific flaw exists within DeploymentPlan_Event_Handler.aspx. The issue lies in the failure to sanitize user-supplied input prior to parsing it as XML. An attacker can use this information in conjunction with other vulnerabilities to execute code in the context of the process.