CVE-2016-8587
HIGHTrend Micro Threat Discovery Appliance <2.6.1062r1 - Authenticated RCE
Title source: llmDescription
dlp_policy_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via an archive file containing a symlink to /eng_ptn_stores/prod/sensorSDK/data/ or /eng_ptn_stores/prod/sensorSDK/backup_pol/.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/98508
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/142221/Trend-Micro-Threat-Discovery-Appliance-2.6.1062r1-dlp_policy_upload.cgi-Remote-Code-Execution.html
Scores
CVSS v3
7.3
EPSS
0.0053
EPSS Percentile
67.2%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-284
Status
published
Products (1)
trendmicro/threat_discovery_appliance
< 2.6.1062
Published
Apr 28, 2017
Tracked Since
Feb 18, 2026