Lucene search
K

CVE-2016-9315

🗓️ 21 Feb 2017 07:46:00Reported by mitreType 
cve
 cve
🔗 web.nvd.nist.gov👁 66 Views🌐 WEB

Privilege Escalation in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5-SP2 and earlier allows authenticated users to change Master Admin's password and add new admin accounts. Resolved in Version 6.5 CP 1737

Related
Detection
Refs
Paths
ParameterPositionPathDescriptionCWE
wherefromrequest body/uilogonsubmit.jspAuthentication bypass to escalate privileges via login flowCWE-264
wronglogonrequest body/uilogonsubmit.jspAuthentication bypass to escalate privileges via login flowCWE-264
uidrequest body/uilogonsubmit.jspAuthentication bypass to escalate privileges via login flowCWE-264
passwdrequest body/uilogonsubmit.jspAuthentication bypass to escalate privileges via login flowCWE-264
pwdrequest body/uilogonsubmit.jspAuthentication bypass to escalate privileges via login flowCWE-264
CSRFGuardTokenrequest body/servlet/com.trend.iwss.gui.servlet.updateaccountadministrationPrivilege escalation by modifying admin account settingsCWE-264
accountoprequest body/servlet/com.trend.iwss.gui.servlet.updateaccountadministrationPrivilege escalation by modifying admin account settingsCWE-264
allaccountrequest body/servlet/com.trend.iwss.gui.servlet.updateaccountadministrationPrivilege escalation by modifying admin account settingsCWE-264
accountnamerequest body/servlet/com.trend.iwss.gui.servlet.updateaccountadministrationPrivilege escalation by modifying admin account settingsCWE-264
commonnamerequest body/servlet/com.trend.iwss.gui.servlet.updateaccountadministrationPrivilege escalation by modifying admin account settingsCWE-264
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation