HIGH🇬🇧 English

CVE-2016-8585

CVSS 8.8v3.0pub. 2017-04-28upd. 2026-05-13

admin_sys_time.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the timezone parameter.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Trendmicro Threat Discovery Appliance

    APP
    Trendmicro
    ≤ 2.6.1062
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCE
CWE
Referencje

Powiązane podatności

CVE-2016-8584CRITICAL9.8ten sam produkt

Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier uses predictable session values, which allows re...

CVE-2016-7547CRITICAL9.8ten sam produkt

A command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone par...

CVE-2016-7552CRITICAL9.8ten sam produkt

On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id coo...

CVE-2016-8587HIGH7.3ten sam produkt

dlp_policy_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authentic...

CVE-2016-8586HIGH8.8ten sam produkt

detected_potential_files.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote au...