JVNVU#93072012: Multiple SQL injection vulnerabilities in Trend Micro Deep Discovery Inspector

Overview

Trend Micro Incorporated has released a security update for Trend Micro Deep Discovery Inspector.

Products Affected

Trend Micro Deep Discovery Inspector versions 5.8 to 6.5
Trend Micro Deep Discovery Inspector versions prior to 6.6 builds 1097
Trend Micro Deep Discovery Inspector versions prior to 6.7 builds 1107

Description

Trend Micro Incorporated has released a security update for Trend Micro Deep Discovery Inspector.

Impact

Information disclosure due to multiple SQL injection vulnerabilities (CVE-2024-46902, CVE-2024-46903)

As for the details of the impacts, refer to the information provided by the developer.

Solution

Apply the Patch
Apply the patch according to the information provided by the developer.
The developer has released the patches listed below that contain fixes for these vulnerabilities.

Trend Micro Deep Discovery Inspector 6.6 CP 1097
Trend Micro Deep Discovery Inspector 6.7 CP 1107

Note that, in case of using Trend Micro Deep Discovery Inspector versions 5.8 to 6.5, upgrade to version 6.6 or 6.7, and apply the appropriate patch according to the information provided by the developer.

Vendor Status

Vendor	Link
Trend Micro Incorporated	SECURITY BULLETIN: Trend Micro Deep Discovery Inspector Information Disclosure Vulnerabilities

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia

JVNVU#93072012 Multiple SQL injection vulnerabilities in Trend Micro Deep Discovery Inspector