Lucene search

K

Interscan Web Security Virtual Appliance Security Vulnerabilities

cve
cve

CVE-2024-36359

A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in...

5.4CVSS

6.1AI Score

0.0005EPSS

2024-06-10 10:15 PM
21
cve
cve

CVE-2021-31521

Trend Micro InterScan Web Security Virtual Appliance version 6.5 was found to have a reflected cross-site scripting (XSS) vulnerability in the product's Captive...

5.4CVSS

5.3AI Score

0.001EPSS

2021-06-17 12:15 PM
18
cve
cve

CVE-2021-25252

Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted...

5.5CVSS

5.4AI Score

0.0004EPSS

2021-03-03 04:15 PM
32
cve
cve

CVE-2020-8465

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updates using a combination of CSRF bypass (CVE-2020-8461) and authentication bypass (CVE-2020-8464) to execute code as user...

9.8CVSS

8.3AI Score

0.003EPSS

2020-12-17 09:15 PM
21
2
cve
cve

CVE-2020-8466

A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to execute certain commands by providing a manipulated...

9.8CVSS

9.8AI Score

0.418EPSS

2020-12-17 09:15 PM
27
2
cve
cve

CVE-2020-8464

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product's admin interface to users who would not normally have...

7.5CVSS

8.4AI Score

0.003EPSS

2020-12-17 09:15 PM
16
2
cve
cve

CVE-2020-8461

A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to get a victim's browser to send a specifically encoded request without requiring a valid CSRF...

8.8CVSS

9AI Score

0.001EPSS

2020-12-17 09:15 PM
27
2
cve
cve

CVE-2020-8463

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to bypass a global authorization check for anonymous users by manipulating request...

7.5CVSS

7.5AI Score

0.004EPSS

2020-12-17 09:15 PM
34
2
cve
cve

CVE-2020-27010

A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product in a manner separate from the similar...

4.8CVSS

4.8AI Score

0.001EPSS

2020-12-17 09:15 PM
23
2
cve
cve

CVE-2020-8462

A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the...

4.8CVSS

4.8AI Score

0.001EPSS

2020-12-17 09:15 PM
18
3
cve
cve

CVE-2020-28581

A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated...

7.2CVSS

7.4AI Score

0.035EPSS

2020-11-18 07:15 PM
20
cve
cve

CVE-2020-28578

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated...

9.8CVSS

9.7AI Score

0.027EPSS

2020-11-18 07:15 PM
47
1
cve
cve

CVE-2020-28579

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated...

8.8CVSS

9.2AI Score

0.012EPSS

2020-11-18 07:15 PM
24
cve
cve

CVE-2020-28580

A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated...

7.2CVSS

7.4AI Score

0.035EPSS

2020-11-18 07:15 PM
20
cve
cve

CVE-2020-27018

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a server side request forgery vulnerability which could allow an authenticated attacker to abuse the product's web server and grant access to web resources or parts of local files. An attacker must already have....

5.5CVSS

5.3AI Score

0.001EPSS

2020-11-09 11:15 PM
31
cve
cve

CVE-2020-27016

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a cross-site request forgery (CSRF) vulnerability which could allow an attacker to modify policy rules by tricking an authenticated administrator into accessing an attacker-controlled web page. An attacker must....

8.8CVSS

8.6AI Score

0.001EPSS

2020-11-09 11:15 PM
24
cve
cve

CVE-2020-8604

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to disclose sensitive informatoin on affected...

7.5CVSS

7.7AI Score

0.972EPSS

2020-05-27 11:15 PM
123
cve
cve

CVE-2020-8603

A cross-site scripting vulnerability (XSS) in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow a remote attacker to tamper with the web interface of affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page...

6.1CVSS

5.9AI Score

0.003EPSS

2020-05-27 11:15 PM
19
cve
cve

CVE-2020-8605

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to execute arbitrary code on affected installations. Authentication is required to exploit this...

8.8CVSS

9.2AI Score

0.962EPSS

2020-05-27 11:15 PM
111
2
cve
cve

CVE-2020-8606

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to bypass authentication on affected installations of Trend Micro InterScan Web Security Virtual...

9.8CVSS

9.5AI Score

0.972EPSS

2020-05-27 11:15 PM
106
cve
cve

CVE-2019-9490

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance version 6.5 SP2 could allow an non-authorized user to disclose administrative credentials. An attacker must be an authenticated user in order to exploit the...

8.8CVSS

8.4AI Score

0.001EPSS

2019-04-05 11:29 PM
28
cve
cve

CVE-2017-11396

Vulnerability issues with the web service inspection of input parameters in Trend Micro Web Security Virtual Appliance 6.5 may allow potential attackers who already have administration rights to the console to implement remote code...

7.2CVSS

7.2AI Score

0.002EPSS

2017-09-22 04:29 PM
22
cve
cve

CVE-2017-6338

Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or 'Auditor' to change FTP Access Control Settings, create or modify reports, or upload an HTTPS Decryption.....

6.5CVSS

6.5AI Score

0.002EPSS

2017-04-05 04:59 PM
38
cve
cve

CVE-2017-6339

Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 mismanages certain key and certificate data. Per IWSVA documentation, by default, IWSVA acts as a private Certificate Authority (CA) and dynamically generates digital certificates that are sent to client browsers to...

6.5CVSS

6.4AI Score

0.003EPSS

2017-04-05 04:59 PM
40
cve
cve

CVE-2017-6340

Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 does not sanitize a rest/commonlog/report/template name field, which allows a 'Reports Only' user to inject malicious JavaScript while creating a new report. Additionally, IWSVA implements incorrect access control that....

5.4CVSS

5.7AI Score

0.001EPSS

2017-04-05 04:59 PM
39
cve
cve

CVE-2017-6398

An issue was discovered in Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1-1600. An authenticated user can execute a terminal command in the context of the web server user (which is root). Besides, the default installation of IMSVA comes with default administrator credentials. The....

8.8CVSS

8.8AI Score

0.112EPSS

2017-03-14 09:59 AM
23
cve
cve

CVE-2016-9314

Sensitive Information Disclosure in com.trend.iwss.gui.servlet.ConfigBackup in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to backup the system configuration and download it onto.....

7.8CVSS

8.1AI Score

0.002EPSS

2017-02-21 07:59 AM
27
cve
cve

CVE-2016-9316

Multiple stored Cross-Site-Scripting (XSS) vulnerabilities in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allow authenticated, remote users with least privileges to inject...

5.4CVSS

7.3AI Score

0.001EPSS

2017-02-21 07:59 AM
27
cve
cve

CVE-2016-9269

Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to run arbitrary commands on the system as root via Patch...

9.9CVSS

9.7AI Score

0.004EPSS

2017-02-21 07:59 AM
30
cve
cve

CVE-2016-9315

Privilege Escalation Vulnerability in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to change Master Admin's password...

8.8CVSS

9.1AI Score

0.003EPSS

2017-02-21 07:59 AM
36
cve
cve

CVE-2014-8510

The AdminUI in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) before 6.0 HF build 1244 allows remote authenticated users to read arbitrary files via vectors related to configuration input when saving...

6.3AI Score

0.009EPSS

2014-11-07 07:55 PM
18
cve
cve

CVE-2014-3922

Cross-site scripting (XSS) vulnerability in Trend Micro InterScan Messaging Security Virtual Appliance 8.5.1.1516 allows remote authenticated users to inject arbitrary web script or HTML via the addWhiteListDomainStr parameter to...

5.4AI Score

0.002EPSS

2014-05-30 02:55 PM
19
cve
cve

CVE-2009-0612

Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 3.x and InterScan Web Security Suite (IWSS) 3.x, when basic authorization is enabled on the standalone proxy, forwards the Proxy-Authorization header from Windows Media Player, which allows remote web servers to obtain credentials by...

6.8AI Score

0.003EPSS

2009-02-17 05:30 PM
18