How severe is CVE-2016-6269?

CVE-2016-6269 has a CVSS v3 score of 9.1 (CRITICAL).

CVE-2016-6269

Name: smart_protection_server
Author: trendmicro

9.1CRITICAL

Multiple directory traversal vulnerabilities in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allow remote attackers to read and delete ar

Publicado: 1/30/2017Atualizado: 4/20/2025

Descrição

Multiple directory traversal vulnerabilities in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allow remote attackers to read and delete arbitrary files via the tmpfname parameter to (1) log_mgt_adhocquery_ajaxhandler.php, (2) log_mgt_ajaxhandler.php, (3) log_mgt_ajaxhandler.php or (4) tf parameter to wcs_bwlists_handler.php.

Análise IADesenvolvido por IA

Produtos Afetados

trendmicrosmart_protection_server

2.5

trendmicrosmart_protection_server

2.6

trendmicrosmart_protection_server

3.0

Referências

https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/
ExploitTechnical DescriptionThird Party Advisory
https://success.trendmicro.com/solution/1114913
MitigationPatchVendor Advisory
https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/
ExploitTechnical DescriptionThird Party Advisory
https://success.trendmicro.com/solution/1114913
MitigationPatchVendor Advisory