Lucene search
+L

50 matches found

CVE
CVE
added 2020/11/09 11:10 p.m.47 views

CVE-2020-27017

Trend Micro IMSVA 9.1 is affected by an XML External Entity Processing (XXE) vulnerability (CVE-2020-27017). An authenticated administrator/root can read arbitrary local files. Root cause involves XML data handling in IMSVA’s Java components. Impact is partial confidentiality (per CVSS) with no i...

4.9CVSS4.9AI score0.06392EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2020/11/09 11:10 p.m.23 views

CVE-2020-27018

Trend Micro InterScan Messaging Security Virtual Appliance IMSVA 9.1 is vulnerable to a server side request forgery vulnerability which could allow an authenticated attacker to abuse the product's web server and grant access to web resources or parts of local files. An attacker must already have...

5.5AI score0.03467EPSS
Exploits2References2
Cvelist
Cvelist
added 2020/11/09 11:10 p.m.27 views

CVE-2020-27017

Trend Micro InterScan Messaging Security Virtual Appliance IMSVA 9.1 is vulnerable to an XML External Entity Processing XXE vulnerability which could allow an authenticated administrator to read arbitrary local files. An attacker must already have obtained product administrator/root privileges to...

5AI score0.06392EPSS
Exploits2References2
CVE
CVE
added 2020/11/09 11:10 p.m.55 views

CVE-2020-27016

CVE-2020-27016 affects Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1. The vulnerability is a CSRF flaw that could enable an attacker to modify policy rules by convincing an authenticated administrator to visit a crafted page. Exploitation requires the attacker to have pro...

8.8CVSS8.6AI score0.01875EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2020/11/09 11:10 p.m.22 views

CVE-2020-27016

Trend Micro InterScan Messaging Security Virtual Appliance IMSVA 9.1 is vulnerable to a cross-site request forgery CSRF vulnerability which could allow an attacker to modify policy rules by tricking an authenticated administrator into accessing an attacker-controlled web page. An attacker must...

8.7AI score0.01875EPSS
Exploits2References2
CNVD
CNVD
added 2020/11/06 12:0 a.m.22 views

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) Server-Side Cross-Site Request Forgery Vulnerability

Trend Micro InterScan Messaging Security Virtual Appliance IMSVA is an appliance for securing communications from Trend Micro. A cross-site request forgery vulnerability exists on the server side of the Trend Micro InterScan Messaging Security Virtual Appliance IMSVA. An attacker could use a web...

5.5CVSS5.4AI score0.03467EPSS
Exploits2References1
Packet Storm
Packet Storm
added 2020/11/05 12:0 a.m.400 views

Trend Micro IMSVA CSRF / XML Injection / SSRF / File Disclosure

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: Trend Micro InterScan Messaging Security Virtual Appliance IMSVA vulnerable version: 9.1.0 Critical Patch Build 2025 fixed version: 9.1....

0.3AI score0.17884EPSS
Exploits7
Circl
Circl
added 2018/05/29 3:50 p.m.7 views

CVE-2017-11391

creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/trendmicroimsvawidgetexec.rb 2025-10-23 21:12:58+00:00| seen| MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7...

8.8CVSS8.8AI score0.61777EPSS
Exploits0References1
Circl
Circl
added 2018/05/29 3:50 p.m.5 views

CVE-2017-11392

creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/trendmicroimsvawidgetexec.rb 2025-10-23 21:12:58+00:00| seen| MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7...

8.8CVSS8.8AI score0.33763EPSS
Exploits0References1
Circl
Circl
added 2018/05/29 3:50 p.m.7 views

CVE-2017-7896

creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/trendmicroimsvawidgetexec.rb 2025-10-23 21:12:58+00:00| seen| MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7...

6.1CVSS6AI score0.04279EPSS
Exploits0References1
Check Point Advisories
Check Point Advisories
added 2018/05/02 12:0 a.m.17 views

Trend Micro IMSVA Management Portal Authentication Bypass (CVE-2018-3609)

An authentication bypass exists in Trend Micro InterScan Mail Security Virtual Appliance. The vulnerability is due to insufficient protection of a log file containing session credentials for authenticated users...

4.3CVSS3.8AI score0.21826EPSS
Exploits1
OpenVAS
OpenVAS
added 2018/02/14 12:0 a.m.62 views

Trend Micro IMSVA Management Portal Authentication Bypass Vulnerability

The Trend Micro InterScan Messaging Security Virtual Appliance IMSVA management portal is vulnerable to an authentication bypass vulnerability. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

8.1CVSS8.4AI score0.21826EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2018/02/09 12:0 a.m.51 views

Trend Micro IMSVA Management Portal 9.1.0.1600 Authentication Bypass

KL-001-2018-006 : Trend Micro IMSVA Management Portal Authentication Bypass Title: Trend Micro IMSVA Management Portal Authentication Bypass Advisory ID: KL-001-2018-006 Publication Date: 2018.02.08 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-006.txt 1. Vulnerabili...

7.1AI score
Exploits0
KoreLogic Security
KoreLogic Security
added 2018/02/08 12:0 a.m.12 views

Trend Micro IMSVA Management Portal Authentication Bypass

Vulnerability Details Affected Vendor: Trend Micro Affected Product: InterScan Mail Security Virtual Apppliance Affected Version: 9.1.0.1600 Platform: Embedded Linux CWE Classification: CWE-522: Insufficiently Protected Credentials, CWE-219: Sensitive Data Under Web Root Impact: Authentication...

7.3AI score
Exploits0Affected Software1
Packet Storm
Packet Storm
added 2017/10/12 12:0 a.m.43 views

Trend Micro InterScan Messaging Security (Virtual Appliance) Remote Code Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Trend Micro InterScan Messaging Security Virtual Appliance Remote Code Execution", 'Description' = %q This module exploits the authentication bypa...

0.5AI score
Exploits0
0day.today
0day.today
added 2017/10/11 12:0 a.m.34 views

Trend Micro InterScan Messaging Security (Virtual Appliance) - Remote Code Execution Exploit

Exploit for php platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Trend Micro InterScan Messaging Security Virtual Appliance Remote Code Execution",...

7.1AI score
Exploits0
Metasploit
Metasploit
added 2017/10/08 3:15 p.m.21 views

Trend Micro InterScan Messaging Security (Virtual Appliance) Remote Code Execution

This module exploits the authentication bypass and command injection vulnerability together. Unauthenticated users can execute a terminal command under the context of the web server user. The specific flaw exists within the management interface, which listens on TCP port 443 by default. Trend Mic...

10AI score
Exploits0
Packet Storm
Packet Storm
added 2017/08/18 12:0 a.m.35 views

Trend Micro InterScan Messaging Security (Virtual Appliance) Remote Code Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Trend Micro InterScan Messaging Security Virtual Appliance Remote Code Execution', 'Description' = %q This module exploits a command injection...

0.5AI score
Exploits0
OpenVAS
OpenVAS
added 2017/04/25 12:0 a.m.27 views

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) Multiple Vulnerabilities

Trend Micro InterScan Messaging Security Virtual Appliance is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-onl...

6.1CVSS6.5AI score0.04279EPSS
Exploits0References2
Prion
Prion
added 2017/04/18 3:59 p.m.17 views

Design/Logic Flaw

Trend Micro InterScan Messaging Security Virtual Appliance IMSVA 9.1 before CP 1644 has XSS...

4.3CVSS6.3AI score0.04279EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder