cvebase

Trendmicro Interscan Web Security Virtual Appliance vulnerabilities

29 known vulnerabilities affecting trendmicro/interscan_web_security_virtual_appliance.

Total CVEs: 29
CISA KEV: 0
Public exploits: 10
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 12, MEDIUM 12

Vulnerabilities

Page 1 of 2
CVE-2020-8605 | P1 | HIGH | CVSS 8.8 | PoC | v6.5 | 2020-05-27
CVE-2020-8605 [HIGH] CWE-78: A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to execute arbitrary code on affected installations. Authentication is required to exploit this vulnerability.
nvd
CVE-2020-8606 | P1 | CRITICAL | CVSS 9.8 | PoC | v6.5 | 2020-05-27
CVE-2020-8606 [CRITICAL] CWE-287: A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to bypass authentication on affected installations of Trend Micro InterScan Web Security Virtual Appliance.
nvd
CVE-2020-8604 | P2 | HIGH | CVSS 7.5 | PoC | v6.5 | 2020-05-27
CVE-2020-8604 [HIGH] CWE-22: A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to disclose sensitive information on affected installations.
nvd
CVE-2016-9269 | P2 | CRITICAL | CVSS 9.9 | PoC | ≤ 6.5 | 2017-02-21
CVE-2016-9269 [CRITICAL] CWE-264: Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to run arbitrary commands on the system as root via Patch Update functionality. This was resolved in Version 6.5 CP
nvd
CVE-2020-8466 | P1 | CRITICAL | CVSS 9.8 | v6.5 | 2020-12-17
CVE-2020-8466 [CRITICAL] CWE-78: A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to execute certain commands by providing a manipulated password.
nvd
CVE-2020-28578 | P2 | CRITICAL | CVSS 9.8 | v6.5 | 2020-11-18
CVE-2020-28578 [CRITICAL] CWE-787: A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges.
nvd
CVE-2016-9315 | P2 | HIGH | CVSS 8.8 | PoC | ≤ 6.5 | 2017-02-21
CVE-2016-9315 [HIGH] CWE-264: Privilege Escalation Vulnerability in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to change Master Admin's password and/or add new admin accounts. This was resolved in Version 6.
nvd
CVE-2020-28579 | P2 | HIGH | CVSS 8.8 | v6.5 | 2020-11-18
CVE-2020-28579 [HIGH] CWE-787: A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges.
nvd
CVE-2020-28580 | P2 | HIGH | CVSS 7.2 | v6.5 | 2020-11-18
CVE-2020-28580 [HIGH] CWE-78: A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges.
nvd
CVE-2020-28581 | P2 | HIGH | CVSS 7.2 | v6.5 | 2020-11-18
CVE-2020-28581 [HIGH] CWE-78: A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges.
nvd
CVE-2016-9314 | P3 | HIGH | CVSS 7.8 | PoC | ≤ 6.5 | 2017-02-21
CVE-2016-9314 [HIGH] CWE-200: Sensitive Information Disclosure in com.trend.iwss.gui.servlet.ConfigBackup in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to backup the system configuration and download it onto their local machine. This backup file contains sensitive
nvd
CVE-2017-6339 | P3 | MEDIUM | CVSS 6.5 | PoC | ≤ 6.5 | 2017-04-05
CVE-2017-6339 [MEDIUM] CWE-269: Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 mismanages certain key and certificate data. Per IWSVA documentation, by default, IWSVA acts as a private Certificate Authority (CA) and dynamically generates digital certificates that are sent to client browsers to complete a secure passage for HTTPS connections. It also
nvd
CVE-2017-6338 | P3 | MEDIUM | CVSS 6.5 | PoC | ≤ 6.5 | 2017-04-05
CVE-2017-6338 [MEDIUM] CWE-732: Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or 'Auditor' to change FTP Access Control Settings, create or modify reports, or upload an HTTPS Decryption Certificate and Private Key.
nvd
CVE-2020-8465 | P3 | CRITICAL | CVSS 9.8 | v6.5 | 2020-12-17
CVE-2020-8465 [CRITICAL]: A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updates using a combination of CSRF bypass (CVE-2020-8461) and authentication bypass (CVE-2020-8464) to execute code as user root.
nvd
CVE-2017-6340 | P4 | MEDIUM | CVSS 5.4 | PoC | ≤ 6.5 | 2017-04-05
CVE-2017-6340 [MEDIUM] CWE-79: Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 does not sanitize a rest/commonlog/report/template name field, which allows a 'Reports Only' user to inject malicious JavaScript while creating a new report. Additionally, IWSVA implements incorrect access control that allows any authenticated, remote user (even with low pri
nvd
CVE-2019-9490 | P3 | HIGH | CVSS 8.8 | v6.5 | 2019-04-05
CVE-2019-9490 [HIGH]: A vulnerability in Trend Micro InterScan Web Security Virtual Appliance version 6.5 SP2 could allow a non-authorized user to disclose administrative credentials. An attacker must be an authenticated user in order to exploit the vulnerability.
nvd
CVE-2016-9316 | P4 | MEDIUM | CVSS 5.4 | PoC | ≤ 6.5 | 2017-02-21
CVE-2016-9316 [MEDIUM] CWE-79: Multiple stored Cross-Site-Scripting (XSS) vulnerabilities in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allow authenticated, remote users with least privileges to inject arbitrary HTML/JavaScript code into web pages. This was resolv
nvd
CVE-2020-8464 | P3 | HIGH | CVSS 7.5 | v6.5 | 2020-12-17
CVE-2020-8464 [HIGH] CWE-918: A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product's admin interface to users who would not normally have access.
nvd
CVE-2020-8463 | P3 | HIGH | CVSS 7.5 | v6.5 | 2020-12-17
CVE-2020-8463 [HIGH] CWE-22: A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to bypass a global authorization check for anonymous users by manipulating request paths.
nvd
CVE-2020-8461 | P3 | HIGH | CVSS 8.8 | v6.5 | 2020-12-17
CVE-2020-8461 [HIGH] CWE-352: A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to get a victim's browser to send a specifically encoded request without requiring a valid CSRF token.
nvd