cbcvebase.

Trend Micro Interscan Web Security Virtual Appliance vulnerabilities

15 known vulnerabilities affecting trend_micro/trend_micro_interscan_web_security_virtual_appliance.

Total CVEs
15
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH8MEDIUM4

Vulnerabilities

Page 1 of 1
CVE-2020-8605P1HIGHCVSS 8.8PoCv6.52020-05-27
CVE-2020-8605 [HIGH] CWE-78 CVE-2020-8605: A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attacke A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to execute arbitrary code on affected installations. Authentication is required to exploit this vulnerability.
nvd
CVE-2020-8606P1CRITICALCVSS 9.8PoCv6.52020-05-27
CVE-2020-8606 [CRITICAL] CWE-287 CVE-2020-8606: A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attacke A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to bypass authentication on affected installations of Trend Micro InterScan Web Security Virtual Appliance.
nvd
CVE-2020-8604P2HIGHCVSS 7.5PoCv6.52020-05-27
CVE-2020-8604 [HIGH] CWE-22 CVE-2020-8604: A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attacke A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to disclose sensitive informatoin on affected installations.
nvd
CVE-2020-8466P1CRITICALCVSS 9.8v6.5 SP22020-12-17
CVE-2020-8466 [CRITICAL] CWE-78 CVE-2020-8466: A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, w A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to execute certain commands by providing a manipulated password.
nvd
CVE-2020-28578P2CRITICALCVSS 9.8v6.5 SP22020-11-18
CVE-2020-28578 [CRITICAL] CWE-787 CVE-2020-28578: A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unaut A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges.
nvd
CVE-2020-28579P2HIGHCVSS 8.8v6.5 SP22020-11-18
CVE-2020-28579 [HIGH] CWE-787 CVE-2020-28579: A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authe A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges.
nvd
CVE-2020-28580P2HIGHCVSS 7.2v6.5 SP22020-11-18
CVE-2020-28580 [HIGH] CWE-78 CVE-2020-28580: A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appli A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges.
nvd
CVE-2020-28581P2HIGHCVSS 7.2v6.5 SP22020-11-18
CVE-2020-28581 [HIGH] CWE-78 CVE-2020-28581: A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Ap A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges.
nvd
CVE-2020-8464P3HIGHCVSS 7.5v6.5 SP22020-12-17
CVE-2020-8464 [HIGH] CWE-918 CVE-2020-8464: A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attac A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product's admin interface to users who would not normally have access.
nvd
CVE-2020-8463P3HIGHCVSS 7.5v6.5 SP22020-12-17
CVE-2020-8463 [HIGH] CWE-22 CVE-2020-8463: A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attac A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to bypass a global authorization check for anonymous users by manipulating request paths.
nvd
CVE-2020-8461P3HIGHCVSS 8.8v6.5 SP22020-12-17
CVE-2020-8461 [HIGH] CWE-352 CVE-2020-8461: A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 S A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to get a victim's browser to send a specifically encoded request without requiring a valid CSRF token.
nvd
CVE-2020-8603P4MEDIUMCVSS 6.1v6.52020-05-27
CVE-2020-8603 [MEDIUM] CWE-79 CVE-2020-8603: A cross-site scripting vulnerability (XSS) in Trend Micro InterScan Web Security Virtual Appliance 6 A cross-site scripting vulnerability (XSS) in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow a remote attacker to tamper with the web interface of affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
nvd
CVE-2021-31521P4MEDIUMCVSS 5.4v6.5 SP22021-06-17
CVE-2021-31521 [MEDIUM] CWE-79 CVE-2021-31521: Trend Micro InterScan Web Security Virtual Appliance version 6.5 was found to have a reflected cross Trend Micro InterScan Web Security Virtual Appliance version 6.5 was found to have a reflected cross-site scripting (XSS) vulnerability in the product's Captive Portal.
nvd
CVE-2020-27010P4MEDIUMCVSS 4.8v6.5 SP22020-12-17
CVE-2020-27010 [MEDIUM] CWE-79 CVE-2020-27010: A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6 A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product in a manner separate from the similar CVE-2020-8462.
nvd
CVE-2020-8462P4MEDIUMCVSS 4.8v6.5 SP22020-12-17
CVE-2020-8462 [MEDIUM] CWE-79 CVE-2020-8462: A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6 A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product.
nvd
Trend Micro Interscan Web Security Virtual Appliance vulnerabilities | cvebase