CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2016-7552

On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.93

EPSS Ranking 99.8%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 10.0

References

http://www.securityfocus.com/bid/97599
https://github.com/rapid7/metasploit-framework/pull/8216/commits/0f07875a2ddb0bfbb4e985ab074e9fc56da1dcf6
http://www.securityfocus.com/bid/97599
https://github.com/rapid7/metasploit-framework/pull/8216/commits/0f07875a2ddb0bfbb4e985ab074e9fc56da1dcf6

Products affected by CVE-2016-7552

Trendmicro » Threat Discovery Appliance » Version: 2.6.1062

cpe:2.3:a:trendmicro:threat_discovery_appliance:2.6.1062

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-7552

Products

Pricing

Contact Us