Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

137 matches found

OSV
OSVadded 2019/04/05 11:29 p.m.1 views

CVE-2019-9490

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance version 6.5 SP2 could allow an non-authorized user to disclose administrative credentials. An attacker must be an authenticated user in order to exploit the vulnerability...

8.8CVSS7.2AI score0.00696EPSS
Exploits0References2
NVD
NVDadded 2019/04/05 11:29 p.m.14 views

CVE-2019-9490

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance version 6.5 SP2 could allow an non-authorized user to disclose administrative credentials. An attacker must be an authenticated user in order to exploit the vulnerability...

8.8CVSS8.5AI score0.00696EPSS
Exploits0References2
Prion
Prionadded 2019/04/05 11:29 p.m.9 views

Design/Logic Flaw

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance version 6.5 SP2 could allow an non-authorized user to disclose administrative credentials. An attacker must be an authenticated user in order to exploit the vulnerability...

4CVSS8.4AI score0.00696EPSS
Exploits0References2Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notesadded 2017/09/21 6:58 a.m.1 views

InterScan Web Security Virtual Appliance vulnerable to code injection

Overview InterScan Web Security Virtual Appliance provided by Trend Micro Incorporated contains code injection vulnerability. Impact Arbitrary code may be executed by a user who logged-in to the management screen of the product as an administrator. Solution Apply the Patch Apply the patch accordi...

9CVSS7.2AI score0.0088EPSS
Exploits0References4
Dsquare
Dsquareadded 2017/07/22 12:0 a.m.25 views

Trend Micro InterScan Web Security Virtual Appliance ManageSRouteSettings RCE

Remote command execution vulnerability in Trend Micro InterScan Web Security Virtual Appliance ManageSRouteSettings Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...

2AI score
Exploits0
CNVD
CNVDadded 2017/06/21 12:0 a.m.1 views

Trend Micro InterScan Web Security XML Entity Injection Vulnerability

Trend Micro InterScan Web Security is a Web security gateway that provides dynamic, integrated security for enterprise networks against Web-based threats. Trend Micro InterScan Web Security suffers from an xml entity injection vulnerability. An attacker can exploit this vulnerability to read...

7.1AI score
Exploits0References1
OpenVAS
OpenVASadded 2017/04/10 12:0 a.m.37 views

Trend Micro Interscan Web Security Virtual Appliance Default Credentials (HTTP)

This script detects if the remote Trend Micro InterScan Web Security Virtual Appliance has a default password of adminIWSS85 for the admin account. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective...

7.6AI score
Exploits0
CNVD
CNVDadded 2017/04/10 12:0 a.m.4 views

Trend Micro InterScan Web Security Virtual Appliance Security Bypass Vulnerability

The Trend Micro InterScan Web Security Virtual Appliance is a Web security gateway that provides dynamic, integrated security for enterprise networks against Web-based threats. A security bypass vulnerability exists in the Trend Micro InterScan Web Security Virtual Appliance. An attacker could us...

6.5CVSS6.6AI score0.02677EPSS
Exploits5References1
CNVD
CNVDadded 2017/04/07 12:0 a.m.2 views

Trend Micro InterScan Web Security Virtual Appliance Elevation of Privilege Vulnerability

Trend Micro InterScan Web Security Virtual Appliance IWSVA is a Web security gateway from Trend Micro that provides dynamic, integrated security protection for enterprise networks against Web-based threats. An elevation of privilege vulnerability exists in the Trend Micro InterScan Web Security...

6.5CVSS7AI score0.01013EPSS
Exploits5References1
OSV
OSVadded 2017/04/05 4:59 p.m.2 views

CVE-2017-6338

Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance IWSVA 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or 'Auditor' to change FTP Access Control Settings, create or modify reports, or upload an HTTPS Decryption...

6.5CVSS5.8AI score0.01013EPSS
Exploits5References3
OSV
OSVadded 2017/04/05 4:59 p.m.3 views

CVE-2017-6340

Trend Micro InterScan Web Security Virtual Appliance IWSVA 6.5 before CP 1746 does not sanitize a rest/commonlog/report/template name field, which allows a 'Reports Only' user to inject malicious JavaScript while creating a new report. Additionally, IWSVA implements incorrect access control that...

5.4CVSS5.8AI score0.00227EPSS
Exploits5References3
Cvelist
Cvelistadded 2017/04/05 4:0 p.m.22 views

CVE-2017-6338

Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance IWSVA 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or 'Auditor' to change FTP Access Control Settings, create or modify reports, or upload an HTTPS Decryption...

6.6AI score0.01013EPSS
Exploits5References3
Zero Day Initiative
Zero Day Initiativeadded 2017/03/30 12:0 a.m.25 views

Trend Micro InterScan Web Security Virtual Appliance ManageIPConfig setHostname Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within ManageIPConfig's setDataIPConfig method. A crafted...

9CVSS4.5AI score
Exploits0References1
Zero Day Initiative
Zero Day Initiativeadded 2017/03/30 12:0 a.m.17 views

Trend Micro InterScan Web Security Virtual Appliance ConfigIPNetwork saveNetworkConfiguration dataIP6Changed Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within ConfigIPNetwork's saveNetworkConfiguration method...

9CVSS5.3AI score
Exploits0References1
Zero Day Initiative
Zero Day Initiativeadded 2017/03/29 12:0 a.m.21 views

Trend Micro InterScan Web Security Virtual Appliance ConfigIPNetwork saveNetworkConfiguration isDHCP6_data Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within ConfigIPNetwork's saveNetworkConfiguration method. A...

9CVSS5.2AI score
Exploits0References1
Zero Day Initiative
Zero Day Initiativeadded 2017/03/29 12:0 a.m.40 views

Trend Micro InterScan Web Security Virtual Appliance ConfigIPNetwork saveNetworkConfiguration dataIPChanged Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within ConfigIPNetwork's saveNetworkConfiguration method...

9CVSS5.1AI score
Exploits0References1
Zero Day Initiative
Zero Day Initiativeadded 2017/03/29 12:0 a.m.18 views

Trend Micro InterScan Web Security Virtual Appliance ManagePatches rollbackPatch Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within the ManagePatches' rollbackPatch method. A crafted...

9CVSS4.9AI score
Exploits0References1
Zero Day Initiative
Zero Day Initiativeadded 2017/03/29 12:0 a.m.27 views

Trend Micro InterScan Web Security Virtual Appliance ConfigIPNetwork saveNetworkConfiguration mgnt_gateway6 Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within ConfigIPNetwork's saveNetworkConfiguration method. A...

9CVSS5.2AI score
Exploits0References1
Zero Day Initiative
Zero Day Initiativeadded 2017/03/29 12:0 a.m.29 views

Trend Micro InterScan Web Security Virtual Appliance ClusterManagement ChangeNodeSetting Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within ClusterManagement's ChangeNodeSetting function. A...

9CVSS5.1AI score
Exploits0References1
Zero Day Initiative
Zero Day Initiativeadded 2017/03/29 12:0 a.m.44 views

Trend Micro InterScan Web Security Virtual Appliance WmiDCDetector getAdHost Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is not required to exploit this vulnerability. The specific flaw exists within WmiDCDetector's getADHost method. A crafted domai...

7.5CVSS5.6AI score
Exploits0References1
Rows per page
Query Builder