CVE-2014-8510 — Improper Input Validation in Interscan WEB Security Virtual Appliance

CWE-20 — Improper Input Validation3 documents3 sources

Severity

4.0MEDIUMNVD

EPSS

0.2%

top 53.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trendmicro Interscan WEB Security Virtual Appliance

Timeline

PublishedNov 7

Latest updateMay 17

Description

The AdminUI in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) before 6.0 HF build 1244 allows remote authenticated users to read arbitrary files via vectors related to configuration input when saving filters.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

▶NVDtrendmicro/interscan_web_security_virtual_appliance4 versions+3

🔴Vulnerability Details

GHSA

GHSA-pjmj-7fqw-h4cc: The AdminUI in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) before 6↗2022-05-17

▶

CVEList

CVE-2014-8510: The AdminUI in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) before 6↗2014-11-07

▶