HIGH🇵🇱 Wersja polska

CVE-2016-8587

CVSS 7.3v3.0pub. 2017-04-28upd. 2026-05-13

dlp_policy_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via an archive file containing a symlink to /eng_ptn_stores/prod/sensorSDK/data/ or /eng_ptn_stores/prod/sensorSDK/backup_pol/.

CVSS Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
  • Trendmicro Threat Discovery Appliance

    APP
    Trendmicro
    ≤ 2.6.1062
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2016-8584CRITICAL9.8ten sam produkt

Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier uses predictable session values, which allows re...

CVE-2016-7547CRITICAL9.8ten sam produkt

A command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone par...

CVE-2016-7552CRITICAL9.8ten sam produkt

On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id coo...

CVE-2016-8586HIGH8.8ten sam produkt

detected_potential_files.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote au...

CVE-2016-8585HIGH8.8ten sam produkt

admin_sys_time.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticate...