High severity7.3NVD Advisory· Published Apr 28, 2017· Updated May 13, 2026
CVE-2016-8587
CVE-2016-8587
Description
dlp_policy_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via an archive file containing a symlink to /eng_ptn_stores/prod/sensorSDK/data/ or /eng_ptn_stores/prod/sensorSDK/backup_pol/.
Affected products
1- cpe:2.3:a:trendmicro:threat_discovery_appliance:*:r1:*:*:*:*:*:*Range: <=2.6.1062
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- packetstormsecurity.com/files/142221/Trend-Micro-Threat-Discovery-Appliance-2.6.1062r1-dlp_policy_upload.cgi-Remote-Code-Execution.htmlnvdExploitThird Party AdvisoryVDB Entry
- www.securityfocus.com/bid/98508nvd
News mentions
0No linked articles in our index yet.