Vulnerabilities > Trendmicro > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-28 | CVE-2016-8587 | Improper Access Control vulnerability in Trendmicro Threat Discovery Appliance 2.6.1062 dlp_policy_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via an archive file containing a symlink to /eng_ptn_stores/prod/sensorSDK/data/ or /eng_ptn_stores/prod/sensorSDK/backup_pol/. | 7.3 |
| 2017-04-28 | CVE-2016-8586 | Permissions, Privileges, and Access Controls vulnerability in Trendmicro Threat Discovery Appliance 2.6.1062 detected_potential_files.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter. | 8.8 |
| 2017-04-28 | CVE-2016-8585 | Permissions, Privileges, and Access Controls vulnerability in Trendmicro Threat Discovery Appliance 2.6.1062 admin_sys_time.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the timezone parameter. | 8.8 |
| 2017-03-14 | CVE-2017-6398 | Unspecified vulnerability in Trendmicro Interscan Messaging Security Virtual Appliance 9.11600 An issue was discovered in Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1-1600. | 8.8 |
| 2017-03-10 | CVE-2017-6798 | Untrusted Search Path vulnerability in Trendmicro Endpoint Sensor 1.6 Trend Micro Endpoint Sensor 1.6 before b1290 has a DLL hijacking vulnerability that allows remote attackers to execute arbitrary code, aka Trend Micro Vulnerability Identifier 2015-0208. | 7.8 |
| 2017-02-21 | CVE-2016-9315 | Permissions, Privileges, and Access Controls vulnerability in Trendmicro Interscan web Security Virtual Appliance Privilege Escalation Vulnerability in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to change Master Admin's password and/or add new admin accounts. | 8.8 |
| 2017-02-21 | CVE-2016-9314 | Information Exposure vulnerability in Trendmicro Interscan web Security Virtual Appliance Sensitive Information Disclosure in com.trend.iwss.gui.servlet.ConfigBackup in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to backup the system configuration and download it onto their local machine. | 7.8 |
| 2017-01-30 | CVE-2016-6270 | Command Injection vulnerability in Trendmicro Virtual Mobile Infrastructure 5.0 The handle_certificate function in /vmi/manager/engine/management/commands/apns_worker.py in Trend Micro Virtual Mobile Infrastructure before 5.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the password to api/v1/cfg/oauth/save_identify_pfx/. | 8.8 |
| 2017-01-30 | CVE-2016-6268 | Permissions, Privileges, and Access Controls vulnerability in Trendmicro Smart Protection Server 2.5/2.6/3.0 Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows local webserv users to execute arbitrary code with root privileges via a Trojan horse .war file in the Solr webapps directory. | 7.8 |
| 2017-01-30 | CVE-2016-6267 | Improper Input Validation vulnerability in Trendmicro Smart Protection Server 2.5/2.6/3.0 SnmpUtils in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) spare_Community, (2) spare_AllowGroupIP, or (3) spare_AllowGroupNetmask parameter to admin_notification.php. | 8.8 |