On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS.
oryginał ENCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HTrendmicro Threat Discovery Appliance
APPTrendmicro2.6.1062
Powiązane podatności
Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier uses predictable session values, which allows re...
A command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone par...
detected_potential_files.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote au...
dlp_policy_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authentic...
admin_sys_time.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticate...