Unrated severityNVD Advisory· Published Sep 28, 2012· Updated Apr 29, 2026
CVE-2012-2998
CVE-2012-2998
Description
SQL injection vulnerability in the ad hoc query module in Trend Micro Control Manager (TMCM) before 5.5.0.1823 and 6.0 before 6.0.0.1449 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Affected products
12cpe:2.3:a:trend_micro:control_manager:*:*:std_ed:*:*:*:*:*+ 11 more
- cpe:2.3:a:trend_micro:control_manager:*:*:std_ed:*:*:*:*:*range: <=5.5
- cpe:2.3:a:trend_micro:control_manager:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:control_manager:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:control_manager:2.5:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:control_manager:3.0:*:ent_ed:*:*:*:*:*
- cpe:2.3:a:trend_micro:control_manager:3.0:*:std_ed:*:*:*:*:*
- cpe:2.3:a:trend_micro:control_manager:3.5:*:ent_ed:*:*:*:*:*
- cpe:2.3:a:trend_micro:control_manager:3.5:*:std_ed:*:*:*:*:*
- cpe:2.3:a:trend_micro:control_manager:5.0:*:adv_ed:*:*:*:*:*
- cpe:2.3:a:trend_micro:control_manager:5.0:*:std_ed:*:*:*:*:*
- cpe:2.3:a:trend_micro:control_manager:5.5:*:adv_ed:*:*:*:*:*
- cpe:2.3:a:trend_micro:control_manager:6.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- jvn.jp/en/jp/JVN42014489/index.htmlnvdPatch
- jvndb.jvn.jp/jvndb/JVNDB-2012-000090nvdPatch
- www.spentera.com/2012/09/trend-micro-control-manager-sql-injection-vulnerability/nvdPatch
- www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_TMCM55_1823.txtnvdPatch
- www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_tmcm60_patch1_1449.txtnvdPatch
- esupport.trendmicro.com/solution/en-us/1061043.aspxnvdVendor Advisory
- www.kb.cert.org/vuls/id/950795nvdUS Government Resource
- www.securitytracker.com/idnvd
News mentions
0No linked articles in our index yet.