CVE-2020-27693Use of Password Hash With Insufficient Computational Effort in Interscan Messaging Security Virtual Appliance

CWE-916Use of Password Hash With Insufficient Computational Effort3 documents3 sources
Severity
4.4MEDIUMNVD
EPSS
0.1%
top 76.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Trendmicro Interscan Messaging Security Virtual ApplianceTrend Micro Interscan Messaging Security Virtual Appliance
Timeline
PublishedNov 9
Latest updateMay 24

Description

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 stores administrative passwords using a hash that is considered outdated.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-cp9g-g6vr-5grf: Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 92022-05-24
CVEList
CVE-2020-27693: Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 92020-11-09