Vulnerabilities > Trendmicro

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2017-04-28 | CVE-2016-8587 | Improper Access Control vulnerability in Trendmicro Threat Discovery Appliance | dlp_policy_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via an archive file containing a symlink to /eng_ptn_stores/prod/sensorSDK/data/ or /eng_ptn_stores/prod/sensorSDK/backup_pol/. | 6.0 |
| 2017-04-28 | CVE-2016-8586 | Permissions, Privileges, and Access Controls vulnerability in Trendmicro Threat Discovery Appliance | detected_potential_files.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter. | network, low complexity, trendmicro CWE-264, critical, 9.0 |
| 2017-04-28 | CVE-2016-8585 | Permissions, Privileges, and Access Controls vulnerability in Trendmicro Threat Discovery Appliance | admin_sys_time.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the timezone parameter. | network, low complexity, trendmicro CWE-264, critical, 9.0 |
| 2017-04-28 | CVE-2016-8584 | Improper Access Control vulnerability in Trendmicro Threat Discovery Appliance | Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier uses predictable session values, which allows remote attackers to bypass authentication by guessing the value. | network, low complexity, trendmicro CWE-284, 7.5 |
| 2017-04-18 | CVE-2017-7896 | Cross-site Scripting vulnerability in Trendmicro Interscan Messaging Security Virtual Appliance 8.5.1.1516 | Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 before CP 1644 has XSS. | network, trendmicro CWE-79, 4.3 |
| 2017-04-12 | CVE-2016-7552 | Path Traversal vulnerability in Trendmicro Threat Discovery Appliance 2.6.1062 | On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. | network, low complexity, trendmicro CWE-22, critical, 10.0 |
| 2017-04-12 | CVE-2016-7547 | 7PK - Time and State vulnerability in Trendmicro Threat Discovery Appliance 2.6.1062 | A command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone parameter in the admin_sys_time.cgi interface. | network, low complexity, trendmicro CWE-361, 7.5 |
| 2017-04-05 | CVE-2017-6340 | Cross-site Scripting vulnerability in Trendmicro Interscan web Security Virtual Appliance | Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 does not sanitize a rest/commonlog/report/template name field, which allows a 'Reports Only' user to inject malicious JavaScript while creating a new report. | network, trendmicro CWE-79, 3.5 |
| 2017-04-05 | CVE-2017-6339 | Weak Password Requirements vulnerability in Trendmicro Interscan web Security Virtual Appliance | Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 mismanages certain key and certificate data. | network, low complexity, trendmicro CWE-521, 4.0 |
| 2017-04-05 | CVE-2017-6338 | Incorrect Permission Assignment for Critical Resource vulnerability in Trendmicro Interscan web Security Virtual Appliance | Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or 'Auditor' to change FTP Access Control Settings, create or modify reports, or upload an HTTPS Decryption Certificate and Private Key. | network, low complexity, trendmicro CWE-732, 4.0 |