CVE-2009-0613 — Interscan WEB Security Suite vulnerability

CWE-2644 documents4 sources

Severity

6.0MEDIUMNVD

EPSS

0.4%

top 36.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trendmicro Interscan WEB Security Suite

Timeline

PublishedFeb 17

Latest updateMay 2

Description

Trend Micro InterScan Web Security Suite (IWSS) 3.1 before build 1237 allows remote authenticated Auditor and Report Only users to bypass intended permission settings, and modify the system configuration, via requests to unspecified JSP pages.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 6.8 | Impact: 6.4

Affected Packages1 packages

▶NVDtrendmicro/interscan_web_security_suite3.1

🔴Vulnerability Details

GHSA

GHSA-jwhg-ppr8-j6wh: Trend Micro InterScan Web Security Suite (IWSS) 3↗2022-05-02

▶

CVEList

CVE-2009-0613: Trend Micro InterScan Web Security Suite (IWSS) 3↗2009-02-17

▶

💬Community

Bugzilla

CVE-2009-3552 GUI: Man in the middle attack possible on the GUI to Backend SSL connection↗2009-10-14

▶