50 matches found
CVE-2020-27017
Trend Micro IMSVA 9.1 is affected by an XML External Entity Processing (XXE) vulnerability (CVE-2020-27017). An authenticated administrator/root can read arbitrary local files. Root cause involves XML data handling in IMSVA’s Java components. Impact is partial confidentiality (per CVSS) with no i...
CVE-2020-27018
Trend Micro InterScan Messaging Security Virtual Appliance IMSVA 9.1 is vulnerable to a server side request forgery vulnerability which could allow an authenticated attacker to abuse the product's web server and grant access to web resources or parts of local files. An attacker must already have...
CVE-2020-27017
Trend Micro InterScan Messaging Security Virtual Appliance IMSVA 9.1 is vulnerable to an XML External Entity Processing XXE vulnerability which could allow an authenticated administrator to read arbitrary local files. An attacker must already have obtained product administrator/root privileges to...
CVE-2020-27016
CVE-2020-27016 affects Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1. The vulnerability is a CSRF flaw that could enable an attacker to modify policy rules by convincing an authenticated administrator to visit a crafted page. Exploitation requires the attacker to have pro...
CVE-2020-27016
Trend Micro InterScan Messaging Security Virtual Appliance IMSVA 9.1 is vulnerable to a cross-site request forgery CSRF vulnerability which could allow an attacker to modify policy rules by tricking an authenticated administrator into accessing an attacker-controlled web page. An attacker must...
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) Server-Side Cross-Site Request Forgery Vulnerability
Trend Micro InterScan Messaging Security Virtual Appliance IMSVA is an appliance for securing communications from Trend Micro. A cross-site request forgery vulnerability exists on the server side of the Trend Micro InterScan Messaging Security Virtual Appliance IMSVA. An attacker could use a web...
Trend Micro IMSVA CSRF / XML Injection / SSRF / File Disclosure
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: Trend Micro InterScan Messaging Security Virtual Appliance IMSVA vulnerable version: 9.1.0 Critical Patch Build 2025 fixed version: 9.1....
CVE-2017-11391
creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/trendmicroimsvawidgetexec.rb 2025-10-23 21:12:58+00:00| seen| MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7...
CVE-2017-11392
creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/trendmicroimsvawidgetexec.rb 2025-10-23 21:12:58+00:00| seen| MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7...
CVE-2017-7896
creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/trendmicroimsvawidgetexec.rb 2025-10-23 21:12:58+00:00| seen| MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7...
Trend Micro IMSVA Management Portal Authentication Bypass (CVE-2018-3609)
An authentication bypass exists in Trend Micro InterScan Mail Security Virtual Appliance. The vulnerability is due to insufficient protection of a log file containing session credentials for authenticated users...
Trend Micro IMSVA Management Portal Authentication Bypass Vulnerability
The Trend Micro InterScan Messaging Security Virtual Appliance IMSVA management portal is vulnerable to an authentication bypass vulnerability. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...
Trend Micro IMSVA Management Portal 9.1.0.1600 Authentication Bypass
KL-001-2018-006 : Trend Micro IMSVA Management Portal Authentication Bypass Title: Trend Micro IMSVA Management Portal Authentication Bypass Advisory ID: KL-001-2018-006 Publication Date: 2018.02.08 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-006.txt 1. Vulnerabili...
Trend Micro IMSVA Management Portal Authentication Bypass
Vulnerability Details Affected Vendor: Trend Micro Affected Product: InterScan Mail Security Virtual Apppliance Affected Version: 9.1.0.1600 Platform: Embedded Linux CWE Classification: CWE-522: Insufficiently Protected Credentials, CWE-219: Sensitive Data Under Web Root Impact: Authentication...
Trend Micro InterScan Messaging Security (Virtual Appliance) Remote Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Trend Micro InterScan Messaging Security Virtual Appliance Remote Code Execution", 'Description' = %q This module exploits the authentication bypa...
Trend Micro InterScan Messaging Security (Virtual Appliance) - Remote Code Execution Exploit
Exploit for php platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Trend Micro InterScan Messaging Security Virtual Appliance Remote Code Execution",...
Trend Micro InterScan Messaging Security (Virtual Appliance) Remote Code Execution
This module exploits the authentication bypass and command injection vulnerability together. Unauthenticated users can execute a terminal command under the context of the web server user. The specific flaw exists within the management interface, which listens on TCP port 443 by default. Trend Mic...
Trend Micro InterScan Messaging Security (Virtual Appliance) Remote Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Trend Micro InterScan Messaging Security Virtual Appliance Remote Code Execution', 'Description' = %q This module exploits a command injection...
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) Multiple Vulnerabilities
Trend Micro InterScan Messaging Security Virtual Appliance is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-onl...
Design/Logic Flaw
Trend Micro InterScan Messaging Security Virtual Appliance IMSVA 9.1 before CP 1644 has XSS...