CVE ID: CVE-2017-14078 CVSS Score: 9.0 AV:N/AC:L/Au:S/C:C/I:C/A:C Affected Vendors: Trend Micro Affected Products: Mobile Security for Enterprise Vulnerability Details: - Description: SQL Injection vulnerability in the function, allowing remote attackers to execute arbitrary code on vulnerable installations. - Impact: Authentication is required, and the vulnerability can be exploited to execute arbitrary code under the context of SYSTEM. - Cause: The process does not properly validate a user-supplied string before using it to construct SQL queries. Additional Details: Trend Micro has issued an update to correct the vulnerability. More details available at: https://success.trendmicro.com/solution/1118224 Disclosure Timeline: - 2017-05-17: Vulnerability reported to vendor - 2017-09-15: Coordinated public release of advisory Credit: Steven Seeley (@mr_me) & Roberto Suggi Liverani (@malerisch)