CVE-2017-11396

3 documents3 sources

Severity

7.2HIGH

EPSS

0.9%

top 24.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trend Micro Interscan WEB Security Virtual Appliance Trendmicro Interscan WEB Security Virtual Appliance

Timeline

PublishedSep 22

Latest updateMay 13

Description

Vulnerability issues with the web service inspection of input parameters in Trend Micro Web Security Virtual Appliance 6.5 may allow potential attackers who already have administration rights to the console to implement remote code injections.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

▶NVDtrendmicro/interscan_web_security_virtual_appliance6.5

▶CVEListV5trend_micro/interscan_web_security_virtual_appliance6.5

Patches

Patch: success.trendmicro.com ↗Patch: success.trendmicro.com ↗

🔴Vulnerability Details

GHSA

GHSA-crhv-g6x9-9c8c: Vulnerability issues with the web service inspection of input parameters in Trend Micro Web Security Virtual Appliance 6↗2022-05-13

▶

CVEList

CVE-2017-11396: Vulnerability issues with the web service inspection of input parameters in Trend Micro Web Security Virtual Appliance 6↗2017-09-22

▶