How severe is CVE-2016-6269?

CVE-2016-6269 has a CVSS v3 score of 9.1 (CRITICAL).

CVE-2016-6269

Name: smart_protection_server
Author: trendmicro

9.1CRITICAL

Multiple directory traversal vulnerabilities in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allow remote attackers to read and delete ar

公開日: 1/30/2017更新日: 4/20/2025

説明

Multiple directory traversal vulnerabilities in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allow remote attackers to read and delete arbitrary files via the tmpfname parameter to (1) log_mgt_adhocquery_ajaxhandler.php, (2) log_mgt_ajaxhandler.php, (3) log_mgt_ajaxhandler.php or (4) tf parameter to wcs_bwlists_handler.php.

AI分析AIによる分析

影響を受ける製品

trendmicrosmart_protection_server

2.5

trendmicrosmart_protection_server

2.6

trendmicrosmart_protection_server

3.0

参照

https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/
ExploitTechnical DescriptionThird Party Advisory
https://success.trendmicro.com/solution/1114913
MitigationPatchVendor Advisory
https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/
ExploitTechnical DescriptionThird Party Advisory
https://success.trendmicro.com/solution/1114913
MitigationPatchVendor Advisory