Описание
Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows local webserv users to execute arbitrary code with root privileges via a Trojan horse .war file in the Solr webapps directory.
Ссылки
- ExploitTechnical DescriptionThird Party Advisory
- MitigationPatchVendor Advisory
- ExploitTechnical DescriptionThird Party Advisory
- MitigationPatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:trendmicro:smart_protection_server:2.5:*:*:*:*:*:*:*
cpe:2.3:a:trendmicro:smart_protection_server:2.6:*:*:*:*:*:*:*
cpe:2.3:a:trendmicro:smart_protection_server:3.0:*:*:*:*:*:*:*
EPSS
Процентиль: 24%
0.00081
Низкий
7.8 High
CVSS3
7.2 High
CVSS2
Дефекты
CWE-264
Связанные уязвимости
CVSS3: 7.8
github
больше 3 лет назад
Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows local webserv users to execute arbitrary code with root privileges via a Trojan horse .war file in the Solr webapps directory.
EPSS
Процентиль: 24%
0.00081
Низкий
7.8 High
CVSS3
7.2 High
CVSS2
Дефекты
CWE-264