QwikSec

Security Database

CVE

CWE

Training

CVE-2016-6270

Published: Jan 30, 2017

Modified: Aug 6, 2024

PUBLISHED

Description

The handle_certificate function in /vmi/manager/engine/management/commands/apns_worker.py in Trend Micro Virtual Mobile Infrastructure before 5.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the password to api/v1/cfg/oauth/save_identify_pfx/.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_BID

https://success.trendmicro.com/solution/1115411

x_refsource_CONFIRM

https://qkaiser.github.io/pentesting/trendmicro/2016/10/08/trendmicro-vmi/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.