CVE-2020-27693

Trend Micro InterScan Messaging Security Virtual Appliance IMSVA 9.1 stores administrative passwords using a hash that is considered outdated...

CVE-2020-27016

Trend Micro InterScan Messaging Security Virtual Appliance IMSVA 9.1 is vulnerable to a cross-site request forgery CSRF vulnerability which could allow an attacker to modify policy rules by tricking an authenticated administrator into accessing an attacker-controlled web page. An attacker must...

CVE-2020-27694

Trend Micro InterScan Messaging Security Virtual Appliance IMSVA 9.1 has updated a specific critical library that may vulnerable to attack...

CVE-2020-27017

Trend Micro InterScan Messaging Security Virtual Appliance IMSVA 9.1 is vulnerable to an XML External Entity Processing XXE vulnerability which could allow an authenticated administrator to read arbitrary local files. An attacker must already have obtained product administrator/root privileges to...

CVE-2020-27019

Trend Micro InterScan Messaging Security Virtual Appliance IMSVA 9.1 is vulnerable to an information disclosure vulnerability which could allow an attacker to access a specific database and key...

Server side request forgery (ssrf)

Trend Micro InterScan Messaging Security Virtual Appliance IMSVA 9.1 is vulnerable to a server side request forgery vulnerability which could allow an authenticated attacker to abuse the product's web server and grant access to web resources or parts of local files. An attacker must already have...

Design/Logic Flaw

Trend Micro InterScan Messaging Security Virtual Appliance IMSVA 9.1 has updated a specific critical library that may vulnerable to attack...

Cross site request forgery (csrf)

Trend Micro InterScan Messaging Security Virtual Appliance IMSVA 9.1 is vulnerable to a cross-site request forgery CSRF vulnerability which could allow an attacker to modify policy rules by tricking an authenticated administrator into accessing an attacker-controlled web page. An attacker must...

Information disclosure

Trend Micro InterScan Messaging Security Virtual Appliance IMSVA 9.1 is vulnerable to an information disclosure vulnerability which could allow an attacker to access a specific database and key...

CVE-2020-27694

Trend Micro InterScan Messaging Security Virtual Appliance IMSVA 9.1 has updated a specific critical library that may vulnerable to attack...

Design/Logic Flaw

Trend Micro InterScan Messaging Security Virtual Appliance IMSVA 9.1 before CP 1644 has XSS...

CVE-2017-7896

Trend Micro InterScan Messaging Security Virtual Appliance IMSVA 9.1 before CP 1644 has XSS...

Trend Micro InterScan Messaging Security (Virtual Appliance) Remote Code Execution

This module exploits a command injection vulnerability in the Trend Micro IMSVA product. An authenticated user can execute a terminal command under the context of the web server user which is root. Besides, default installation of IMSVA comes with a default administrator credentials. saveCert.ims...