CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2020/12/17 9:15 p.m.•1 views

CVE-2020-8461

A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to get a victim's browser to send a specifically encoded request without requiring a valid CSRF token...

8.8CVSS7.3AI score0.00231EPSS

NVD•added 2020/12/17 9:15 p.m.•13 views

CVE-2020-27010

A cross-site scripting XSS vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product in a manner separate from the similar CVE-2020-8462...

4.8CVSS4.9AI score0.00415EPSS

Exploits1References1

OSV•added 2020/12/17 9:15 p.m.•1 views

CVE-2020-27010

4.8CVSS5.8AI score0.00415EPSS

Exploits1References1

Prion•added 2020/12/17 9:15 p.m.•13 views

Design/Logic Flaw

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product's admin interface to users who would not normally have access...

5CVSS8.5AI score0.00644EPSS

Prion•added 2020/12/17 9:15 p.m.•15 views

Command injection

A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to execute certain commands by providing a manipulated password...

7.5CVSS9.7AI score0.27274EPSS

Prion•added 2020/12/17 9:15 p.m.•16 views

Cross site scripting

A cross-site scripting XSS vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product...

3.5CVSS4.9AI score0.0047EPSS

Prion•added 2020/12/17 9:15 p.m.•15 views

Design/Logic Flaw

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updates using a combination of CSRF bypass CVE-2020-8461 and authentication bypass CVE-2020-8464 to execute code as user root...

10CVSS8.4AI score0.00644EPSS

Exploits4References2Affected Software1

Cvelist•added 2020/12/17 9:5 p.m.•11 views

CVE-2020-8466

9.8AI score0.27274EPSS

Cvelist•added 2020/12/17 9:5 p.m.•13 views

CVE-2020-8465

8.4AI score0.00178EPSS

Cvelist•added 2020/12/17 9:5 p.m.•12 views

CVE-2020-8463

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to bypass a global authorization check for anonymous users by manipulating request paths...

7.5AI score0.00561EPSS

CVE•added 2020/12/17 9:5 p.m.•40 views

CVE-2020-8464

CVE-2020-8464 affects Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP2. A vulnerability allows an attacker to craft requests that appear to originate from localhost, potentially exposing the product’s admin interface to users who would not normally have access. The available d...

7.5CVSS8.4AI score0.00644EPSS

Cvelist•added 2020/12/17 9:5 p.m.•13 views

CVE-2020-8464

7.9AI score0.00644EPSS

CNNVD•added 2020/12/16 12:0 a.m.•3 views

Trend Micro InterScan Web Security Virtual Appliance 跨站脚本漏洞

Trend Micro InterScan Web Security Virtual Appliance IWSVA is a Web security gateway from Trend Micro that provides dynamic, integrated security protection for enterprise networks against Web-based threats. A cross-site scripting vulnerability exists in Trend Micro InterScan Web Security Virtual...

4.8CVSS5.7AI score0.00415EPSS

Exploits1References3

10CVSS7.6AI score0.00178EPSS

Trend Micro InterScan Web Security Virtual Appliance 授权问题漏洞

Trend Micro InterScan Web Security Virtual Appliance IWSVA is a Web security gateway from Trend Micro that provides dynamic, integrated security protection for enterprise networks against Web-based threats. A command execution vulnerability exists in Trend Micro InterScan Web Security Virtual...

7.5CVSS7.1AI score0.00561EPSS

Trend Micro InterScan Web Security Virtual Appliance 安全漏洞

Trend Micro InterScan Web Security Virtual Appliance IWSVA is a Web security gateway from Trend Micro that provides dynamic, integrated security protection for enterprise networks against Web-based threats. An authorization bypass vulnerability exists in Trend Micro InterScan Web Security Virtual...

7.5CVSS7.2AI score0.00644EPSS

Trend Micro InterScan Web Security Virtual Appliance 代码问题漏洞

Trend Micro InterScan Web Security Virtual Appliance IWSVA is a Web security gateway from Trend Micro that provides dynamic, integrated security protection for enterprise networks against Web-based threats. An authentication bypass vulnerability exists in Trend Micro InterScan Web Security Virtua...

4.8CVSS5.7AI score0.0047EPSS

Trend Micro InterScan Web Security Virtual Appliance 跨站脚本漏洞

CNNVD•added 2020/12/16 12:0 a.m.•3 views

Trend Micro InterScan Web Security Virtual Appliance 跨站请求伪造漏洞

Trend Micro InterScan Web Security Virtual Appliance IWSVA is a Web security gateway from Trend Micro that provides dynamic, integrated security protection for enterprise networks against Web-based threats. A security vulnerability exists in Trend Micro InterScan Web Security Virtual Appliance 6....

8.8CVSS7.3AI score0.00231EPSS

CNNVD•added 2020/12/16 12:0 a.m.•3 views

Trend Micro InterScan Web Security Virtual Appliance 命令注入漏洞

Trend Micro InterScan Web Security Virtual Appliance IWSVA is a Web security gateway from Trend Micro that provides dynamic, integrated security protection for enterprise networks against Web-based threats. A command injection vulnerability exists in Trend Micro InterScan Web Security Virtual...

9.8CVSS7.4AI score0.27274EPSS