Trendmicro Interscan Web Security Virtual Appliance vulnerabilities
29 known vulnerabilities affecting trendmicro/interscan_web_security_virtual_appliance.
Total CVEs
29
CISA KEV
0
Public exploits
10
Exploited in wild
0
Severity breakdown
CRITICAL5HIGH12MEDIUM12
Vulnerabilities
Page 2 of 2
CVE-2017-11396P3HIGHCVSS 7.2v6.52017-09-22
CVE-2017-11396 [HIGH] CVE-2017-11396: Vulnerability issues with the web service inspection of input parameters in Trend Micro Web Security
Vulnerability issues with the web service inspection of input parameters in Trend Micro Web Security Virtual Appliance 6.5 may allow potential attackers who already have administration rights to the console to implement remote code injections.
nvd
CVE-2020-8603P4MEDIUMCVSS 6.1v6.52020-05-27
CVE-2020-8603 [MEDIUM] CWE-79 CVE-2020-8603: A cross-site scripting vulnerability (XSS) in Trend Micro InterScan Web Security Virtual Appliance 6
A cross-site scripting vulnerability (XSS) in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow a remote attacker to tamper with the web interface of affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
nvd
CVE-2024-36359P4MEDIUMCVSS 5.4v6.52024-06-10
CVE-2024-36359 [MEDIUM] CWE-79 CVE-2024-36359: A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance (
A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 could allow an attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
nvd
CVE-2021-31521P4MEDIUMCVSS 5.4v6.52021-06-17
CVE-2021-31521 [MEDIUM] CWE-79 CVE-2021-31521: Trend Micro InterScan Web Security Virtual Appliance version 6.5 was found to have a reflected cross
Trend Micro InterScan Web Security Virtual Appliance version 6.5 was found to have a reflected cross-site scripting (XSS) vulnerability in the product's Captive Portal.
nvd
CVE-2014-8510P4MEDIUMCVSS 4.0v5.1v5.5+2 more2014-11-07
CVE-2014-8510 [MEDIUM] CWE-20 CVE-2014-8510: The AdminUI in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) before 6.0 HF build 1244
The AdminUI in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) before 6.0 HF build 1244 allows remote authenticated users to read arbitrary files via vectors related to configuration input when saving filters.
nvd
CVE-2021-25252P4MEDIUMCVSS 5.5v6.52021-03-03
CVE-2021-25252 [MEDIUM] CWE-400 CVE-2021-25252: Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a me
Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file.
nvd
CVE-2009-0612P4MEDIUMCVSS 4.3v3.12009-02-17
CVE-2009-0612 [MEDIUM] CWE-200 CVE-2009-0612: Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 3.x and InterScan Web Security Suite (I
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 3.x and InterScan Web Security Suite (IWSS) 3.x, when basic authorization is enabled on the standalone proxy, forwards the Proxy-Authorization header from Windows Media Player, which allows remote web servers to obtain credentials by offering a media stream and then capturing this header.
nvd
CVE-2020-27010P4MEDIUMCVSS 4.8v6.52020-12-17
CVE-2020-27010 [MEDIUM] CWE-79 CVE-2020-27010: A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6
A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product in a manner separate from the similar CVE-2020-8462.
nvd
CVE-2020-8462P4MEDIUMCVSS 4.8v6.52020-12-17
CVE-2020-8462 [MEDIUM] CWE-79 CVE-2020-8462: A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6
A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product.
nvd
← Previous2 / 2