CVE-2016-6270 is a high-severity authenticated command-injection issue in Trend Micro Virtual Mobile Infrastructure (VMI) before 5.1. According to the CVE description, the handle_certificate function in /vmi/manager/engine/management/commands/apns_worker.py can be abused through shell metacharacters in the password supplied to api/v1/cfg/oauth/save_identify_pfx/, enabling arbitrary command execution by a [truncated]
CVE-2016-6269 is a critical Trend Micro Smart Protection Server vulnerability involving multiple directory traversal flaws. The issue affects Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330. According to the published vulnerability description, a remote attacker can use the tmpfname parameter in several log management handlers, and the tf parameter in wcs_bw [truncated]
CVE-2016-6268 is a high-severity Trend Micro Smart Protection Server flaw that can let a local webserv user execute arbitrary code with root privileges. The vulnerable builds listed in the NVD record are Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330. The issue is tied to a Trojan horse .war file placed in the Solr webapps directory, and the NVD CVSS vector [truncated]
CVE-2016-6267 describes an authenticated command injection issue in Trend Micro Smart Protection Server’s SnmpUtils handling for admin_notification.php. If an attacker can authenticate to the product, shell metacharacters in specific parameters may be used to execute arbitrary commands on affected systems.
CVE-2016-6266 is a high-severity authenticated remote command execution vulnerability in Trend Micro Smart Protection Server. The issue affects Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330. According to the NVD description, shell metacharacters in multiple parameters handled by ccca_ajaxhandler.php can let a remote authenticated user execute arbitrary commands.