CVE-2020-8461

CWE-352 — Cross-Site Request Forgery (CSRF)3 documents3 sources

Severity

8.8HIGH

EPSS

0.2%

top 54.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trend Micro Trend Micro Interscan WEB Security Virtual Appliance Trendmicro Interscan WEB Security Virtual Appliance

Timeline

PublishedDec 17

Latest updateMay 24

Description

A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to get a victim's browser to send a specifically encoded request without requiring a valid CSRF token.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDtrendmicro/interscan_web_security_virtual_appliance6.5

▶CVEListV5trend_micro/trend_micro_interscan_web_security_virtual_appliance6.5 SP2

🔴Vulnerability Details

GHSA

GHSA-784w-4q35-257w: A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6↗2022-05-24

▶

CVEList

CVE-2020-8461: A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6↗2020-12-17

▶