CVE-2020-27019 — Missing Authentication for Critical Function in Interscan Messaging Security Virtual Appliance

CWE-306 — Missing Authentication for Critical Function CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 66.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trendmicro Interscan Messaging Security Virtual Appliance Trend Micro Interscan Messaging Security Virtual Appliance

Timeline

PublishedNov 9

Latest updateMay 24

Description

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an information disclosure vulnerability which could allow an attacker to access a specific database and key.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDtrendmicro/interscan_messaging_security_virtual_appliance9.1

▶CVEListV5trend_micro/trend_micro_interscan_messaging_security_virtual_appliance9.1

🔴Vulnerability Details

GHSA

GHSA-7f7p-8xm3-467q: Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9↗2022-05-24

▶

CVEList

CVE-2020-27019: Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9↗2020-11-09

▶