Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Interscan_web_security_virtual_appliance
(Trendmicro)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 29 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-12-17 | CVE-2020-27010 | A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product in a manner separate from the similar CVE-2020-8462. | Interscan_web_security_virtual_appliance | 4.8 | ||
| 2020-12-17 | CVE-2020-8462 | A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product. | Interscan_web_security_virtual_appliance | 4.8 | ||
| 2020-12-17 | CVE-2020-8463 | A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to bypass a global authorization check for anonymous users by manipulating request paths. | Interscan_web_security_virtual_appliance | 7.5 | ||
| 2020-12-17 | CVE-2020-8464 | A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product's admin interface to users who would not normally have access. | Interscan_web_security_virtual_appliance | 7.5 | ||
| 2020-12-17 | CVE-2020-8465 | A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updates using a combination of CSRF bypass (CVE-2020-8461) and authentication bypass (CVE-2020-8464) to execute code as user root. | Interscan_web_security_virtual_appliance | 9.8 | ||
| 2020-12-17 | CVE-2020-8466 | A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to execute certain commands by providing a manipulated password. | Interscan_web_security_virtual_appliance | 9.8 | ||
| 2021-03-03 | CVE-2021-25252 | Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file. | Apex_central, Apex_one, Cloud_edge, Control_manager, Deep_discovery_analyzer, Deep_discovery_email_inspector, Deep_discovery_inspector, Deep_security, Interscan_messaging_security_virtual_appliance, Interscan_web_security_virtual_appliance, Officescan, Portal_protect, Safe_lock, Scanmail, Scanmail_for_ibm_domino, Serverprotect, Serverprotect_for_network_appliance_filers, Serverprotect_for_storage, Worry\-Free_business_security | 5.5 | ||
| 2021-06-17 | CVE-2021-31521 | Trend Micro InterScan Web Security Virtual Appliance version 6.5 was found to have a reflected cross-site scripting (XSS) vulnerability in the product's Captive Portal. | Interscan_web_security_virtual_appliance | 5.4 | ||
| 2017-09-22 | CVE-2017-11396 | Vulnerability issues with the web service inspection of input parameters in Trend Micro Web Security Virtual Appliance 6.5 may allow potential attackers who already have administration rights to the console to implement remote code injections. | Interscan_web_security_virtual_appliance | N/A | ||
| 2017-04-05 | CVE-2017-6339 | Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 mismanages certain key and certificate data. Per IWSVA documentation, by default, IWSVA acts as a private Certificate Authority (CA) and dynamically generates digital certificates that are sent to client browsers to complete a secure passage for HTTPS connections. It also allows administrators to upload their own certificates signed by a root CA. An attacker with low privileges can download the current CA... | Interscan_web_security_virtual_appliance | 6.5 |