Filtered by vendor Trendmicro
Subscribe
Filtered by product Interscan Web Security Virtual Appliance
Subscribe
Search
Total
12 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8605 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2022-06-02 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to execute arbitrary code on affected installations. Authentication is required to exploit this vulnerability. | |||||
| CVE-2020-8604 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2022-04-27 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to disclose sensitive informatoin on affected installations. | |||||
| CVE-2020-8463 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to bypass a global authorization check for anonymous users by manipulating request paths. | |||||
| CVE-2020-8464 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2020-12-22 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product's admin interface to users who would not normally have access. | |||||
| CVE-2020-8461 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2020-12-21 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to get a victim's browser to send a specifically encoded request without requiring a valid CSRF token. | |||||
| CVE-2020-28579 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2020-12-02 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges. | |||||
| CVE-2020-28580 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2020-11-28 | 9.0 HIGH | 7.2 HIGH |
| A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges. | |||||
| CVE-2020-28581 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2020-11-28 | 9.0 HIGH | 7.2 HIGH |
| A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges. | |||||
| CVE-2019-9490 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2020-08-24 | 4.0 MEDIUM | 8.8 HIGH |
| A vulnerability in Trend Micro InterScan Web Security Virtual Appliance version 6.5 SP2 could allow an non-authorized user to disclose administrative credentials. An attacker must be an authenticated user in order to exploit the vulnerability. | |||||
| CVE-2017-11396 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2020-08-19 | 9.0 HIGH | 7.2 HIGH |
| Vulnerability issues with the web service inspection of input parameters in Trend Micro Web Security Virtual Appliance 6.5 may allow potential attackers who already have administration rights to the console to implement remote code injections. | |||||
| CVE-2016-9314 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2017-07-25 | 4.0 MEDIUM | 7.8 HIGH |
| Sensitive Information Disclosure in com.trend.iwss.gui.servlet.ConfigBackup in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to backup the system configuration and download it onto their local machine. This backup file contains sensitive information like passwd/shadow files, RSA certificates, Private Keys and Default Passphrase, etc. This was resolved in Version 6.5 CP 1737. | |||||
| CVE-2016-9315 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2017-07-25 | 4.0 MEDIUM | 8.8 HIGH |
| Privilege Escalation Vulnerability in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to change Master Admin's password and/or add new admin accounts. This was resolved in Version 6.5 CP 1737. | |||||