HTTP: Trend Micro Mobile Security Enterprise get_dep_profile id SQL Injection
This signature detects attempts to exploit a known vulnerability in Trend Micro Mobile Security Enterprise. Successful exploitation of this vulnerability can lead to remote code execution in the context of SYSTEM.
Extended Description
SQL Injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations.
Affected Products
Trendmicro mobile_security
References
CVE: CVE-2017-14078
Short Name
HTTP:SQL:INJ:TM-MSE-ID-SQLI
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2017-14078 Enterprise Injection Micro Mobile SQL Security Trend get_dep_profile id
Release Date
01/16/2018
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3693
False Positive
Unknown
Vendors
Trendmicro
CVSS Score
10.0