Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-9315Improper Privilege Management in Interscan WEB Security Virtual Appliance

CWE-2644 documents4 sources
Severity
8.8HIGHNVD
EPSS
5.9%
top 9.42%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Trendmicro Interscan WEB Security Virtual Appliance
Timeline
PublishedFeb 21
Latest updateMay 17

Description

Privilege Escalation Vulnerability in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to change Master Admin's password and/or add new admin accounts. This was resolved in Version 6.5 CP 1737.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-hrg8-gpjj-7r7x: Privilege Escalation Vulnerability in com2022-05-17
CVEList
CVE-2016-9315: Privilege Escalation Vulnerability in com2017-02-21

💥Exploits & PoCs

1
Exploit-DB
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 - Multiple Vulnerabilities2016-11-28
CVE-2016-9315 — Improper Privilege Management | cvebase