CVE-2020-27016 — Cross-Site Request Forgery in Interscan Messaging Security Virtual Appliance

CWE-352 — Cross-Site Request Forgery3 documents3 sources

Severity

8.8HIGHNVD

EPSS

0.3%

top 47.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trendmicro Interscan Messaging Security Virtual Appliance Trend Micro Interscan Messaging Security Virtual Appliance

Timeline

PublishedNov 9

Latest updateMay 24

Description

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a cross-site request forgery (CSRF) vulnerability which could allow an attacker to modify policy rules by tricking an authenticated administrator into accessing an attacker-controlled web page. An attacker must already have obtained product administrator/root privileges to exploit this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDtrendmicro/interscan_messaging_security_virtual_appliance9.1

▶CVEListV5trend_micro/trend_micro_interscan_messaging_security_virtual_appliance9.1

🔴Vulnerability Details

GHSA

GHSA-r87g-pphp-cg7r: Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9↗2022-05-24

▶

CVEList

CVE-2020-27016: Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9↗2020-11-09

▶