CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2016-8587

dlp_policy_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via an archive file containing a symlink to /eng_ptn_stores/prod/sensorSDK/data/ or /eng_ptn_stores/prod/sensorSDK/backup_pol/.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 67.4%

CVSS Severity

CVSS v3 Score 7.3

CVSS v2 Score 6.0

References

http://packetstormsecurity.com/files/142221/Trend-Micro-Threat-Discovery-Appliance-2.6.1062r1-dlp_policy_upload.cgi-Remote-Code-Execution.html
http://www.securityfocus.com/bid/98508
http://packetstormsecurity.com/files/142221/Trend-Micro-Threat-Discovery-Appliance-2.6.1062r1-dlp_policy_upload.cgi-Remote-Code-Execution.html
http://www.securityfocus.com/bid/98508

Products affected by CVE-2016-8587

Trendmicro » Threat Discovery Appliance » Version: 2.6.1062

cpe:2.3:a:trendmicro:threat_discovery_appliance:2.6.1062

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-8587

Products

Pricing

Contact Us