50 matches found
Trend Micro IMSVA External Entity Injection (CVE-2020-27017)
An XXE vulnerability exists in Trend Micro InterScan Messaging Virtual Appliance. The vulnerability is due to insufficient validation of XML data in the Java class PolicyWSAction...
CVE-2020-27019
Trend Micro InterScan Messaging Security Virtual Appliance IMSVA 9.1 is vulnerable to an information disclosure vulnerability which could allow an attacker to access a specific database and key...
CVE-2020-27018
Trend Micro InterScan Messaging Security Virtual Appliance IMSVA 9.1 is vulnerable to a server side request forgery vulnerability which could allow an authenticated attacker to abuse the product's web server and grant access to web resources or parts of local files. An attacker must already have...
CVE-2020-27016
Trend Micro InterScan Messaging Security Virtual Appliance IMSVA 9.1 is vulnerable to a cross-site request forgery CSRF vulnerability which could allow an attacker to modify policy rules by tricking an authenticated administrator into accessing an attacker-controlled web page. An attacker must...
CVE-2020-27693
Trend Micro InterScan Messaging Security Virtual Appliance IMSVA 9.1 stores administrative passwords using a hash that is considered outdated...
CVE-2020-27017
Trend Micro InterScan Messaging Security Virtual Appliance IMSVA 9.1 is vulnerable to an XML External Entity Processing XXE vulnerability which could allow an authenticated administrator to read arbitrary local files. An attacker must already have obtained product administrator/root privileges to...
CVE-2020-27694
Trend Micro InterScan Messaging Security Virtual Appliance IMSVA 9.1 has updated a specific critical library that may vulnerable to attack...
CVE-2020-27693
Trend Micro InterScan Messaging Security Virtual Appliance IMSVA 9.1 stores administrative passwords using a hash that is considered outdated...
Cross site request forgery (csrf)
Trend Micro InterScan Messaging Security Virtual Appliance IMSVA 9.1 is vulnerable to a cross-site request forgery CSRF vulnerability which could allow an attacker to modify policy rules by tricking an authenticated administrator into accessing an attacker-controlled web page. An attacker must...
Xxe
Trend Micro InterScan Messaging Security Virtual Appliance IMSVA 9.1 is vulnerable to an XML External Entity Processing XXE vulnerability which could allow an authenticated administrator to read arbitrary local files. An attacker must already have obtained product administrator/root privileges to...
Design/Logic Flaw
Trend Micro InterScan Messaging Security Virtual Appliance IMSVA 9.1 has updated a specific critical library that may vulnerable to attack...
Server side request forgery (ssrf)
Trend Micro InterScan Messaging Security Virtual Appliance IMSVA 9.1 is vulnerable to a server side request forgery vulnerability which could allow an authenticated attacker to abuse the product's web server and grant access to web resources or parts of local files. An attacker must already have...
Information disclosure
Trend Micro InterScan Messaging Security Virtual Appliance IMSVA 9.1 is vulnerable to an information disclosure vulnerability which could allow an attacker to access a specific database and key...
Design/Logic Flaw
Trend Micro InterScan Messaging Security Virtual Appliance IMSVA 9.1 stores administrative passwords using a hash that is considered outdated...
CVE-2020-27694
Trend Micro InterScan Messaging Security Virtual Appliance IMSVA 9.1 has updated a specific critical library that may vulnerable to attack...
CVE-2020-27019
Summary of CVE-2020-27019 (IMSVA 9.1) : The Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) version 9.1 is affected by an information-disclosure vulnerability that could allow an attacker to access a specific database and key. The issue is documented across multiple sources in ...
CVE-2020-27694
CVE-2020-27694 affects Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1. The issue arises from updating a specific critical library, creating a potential vulnerability. NVD data lists a high-severity impact (CVSS 3.1 base 8.8) with network access and low attack complexity, a...
CVE-2020-27019
Trend Micro InterScan Messaging Security Virtual Appliance IMSVA 9.1 is vulnerable to an information disclosure vulnerability which could allow an attacker to access a specific database and key...
CVE-2020-27693
CVE-2020-27693 affects Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1. The vulnerability is that administrative passwords are stored using an outdated hash. Public details in connected sources include an SEC Consult advisory listing IMSVA vulnerability data with vulnerable...
CVE-2020-27017
Trend Micro InterScan Messaging Security Virtual Appliance IMSVA 9.1 is vulnerable to an XML External Entity Processing XXE vulnerability which could allow an authenticated administrator to read arbitrary local files. An attacker must already have obtained product administrator/root privileges to...