Trend Micro Endpoint Encryption PolicyServer SQL Injection Privilege Escalation Vulnerability
Vulnerability
A post-authentication SQL injection vulnerability has been identified in Trend Micro Endpoint Encryption PolicyServer versions prior to 6.0.0.4013. This vulnerability allows an attacker to escalate privileges on affected installations. The issue arises from improper validation of user-supplied input, which can be exploited to manipulate SQL queries and access resources typically restricted from the user. To exploit this vulnerability, an attacker must first gain the ability to execute low-privileged code on the target system.
Impact
Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing attackers to gain access to restricted resources or functionalities within the application.
Remediation
Trend Micro has released a patch for this vulnerability in Endpoint Encryption PolicyServer version 6.0.0.4013. Users are encouraged to update to this version. For more information, visit the Trend Micro Download Center.
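To check an estate against the fixed build named above, the following added example (not Trend Micro's code and not part of the original advisory) classifies PolicyServer version strings against 6.0.0.4013 using a numeric, component-wise comparison. The host names and version strings in the sample inventory are constructed, and the function names and the zero-padding of short version strings are assumptions of this example.

```python
import re

FIXED_BUILD = (6, 0, 0, 4013)  # first patched PolicyServer build, per the advisory


def parse_version(text):
    """Return a 4-tuple of ints for 'a.b.c.d', or None if the string is malformed.

    Assumption of this example: shorter versions such as '6.0' are zero-padded.
    """
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){0,3}", text):
        return None
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def triage(inventory):
    """Map each host to 'vulnerable', 'patched' or 'unknown'."""
    result = {}
    for host, raw in inventory:
        version = parse_version(raw)
        if version is None:
            result[host] = "unknown"      # never treat an unparseable version as safe
        elif version < FIXED_BUILD:       # tuple comparison is numeric per component
            result[host] = "vulnerable"
        else:
            result[host] = "patched"
    return result


# Constructed sample inventory (hypothetical hosts and builds).
SAMPLE = [
    ("ps-01.example.internal", "6.0.0.4013"),   # exactly the fixed build
    ("ps-02.example.internal", "6.0.0.4012"),   # one build below the fix
    ("ps-03.example.internal", "5.0.0.9"),      # older major version
    ("ps-04.example.internal", "6.0.0.10000"),  # a string compare would misjudge this
    ("ps-05.example.internal", "6.0"),          # short form, padded to 6.0.0.0
    ("ps-06.example.internal", "n/a"),          # malformed inventory entry
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as unknown need a manual version check before they are counted as patched.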
