Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier uses predictable session values, which allows remote attackers to bypass authentication by guessing the value.
oryginał ENCVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HTrendmicro Threat Discovery Appliance
APPTrendmicro≤ 2.6.1062
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Auth Bypass
CWE
Powiązane podatności
CVE-2016-7552CRITICAL9.8ten sam produkt
On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id coo...
CVE-2016-7547CRITICAL9.8ten sam produkt
A command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone par...
CVE-2016-8586HIGH8.8ten sam produkt
detected_potential_files.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote au...
CVE-2016-8587HIGH7.3ten sam produkt
dlp_policy_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authentic...
CVE-2016-8585HIGH8.8ten sam produkt
admin_sys_time.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticate...