431 matches found
CVE-2020-8465
CVE-2020-8465 affects Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2. Connected sources describe it as part of multiple vulnerabilities in IWSVA (with CVEs 2020-8461/8464) that enable authentication bypass and remote code execution, potentially allowing code execution as root via sy...
CVE-2020-8465
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updates using a combination of CSRF bypass CVE-2020-8461 and authentication bypass CVE-2020-8464 to execute code as user root...
CVE-2020-8463
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to bypass a global authorization check for anonymous users by manipulating request paths...
CVE-2020-8464
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product's admin interface to users who would not normally have access...
CVE-2020-8463
CVE-2020-8463 affects Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP2, where an attacker can bypass global authorization for anonymous users by manipulating request paths. The issue is described across multiple sources as an authentication bypass vulnerability caused by insuf...
CVE-2020-8464
CVE-2020-8464 affects Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP2. A vulnerability allows an attacker to craft requests that appear to originate from localhost, potentially exposing the product’s admin interface to users who would not normally have access. The available d...
CVE-2020-8461
CVE-2020-8461 describes a CSRF protection bypass in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2. An attacker could induce a victim to make a specially encoded request without a valid CSRF token, effectively bypassing CSRF protections. This affects IWSVA 6.5 SP2; CVSS metrics indi...
CVE-2020-8462
A cross-site scripting XSS vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product...
CVE-2020-8462
CVE-2020-8462 describes a cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP2 that could allow an attacker to tamper with the product’s web interface. The connected Red Hat and CNVD entries corroborate the same issue class and target pr...
CVE-2020-27010
CVE-2020-27010 : A cross-site scripting (XSS) vulnerability exists in Trend Micro InterScan Web Security Virtual Appliance version 6.5 SP2, affecting the web interface. The issue is caused by improper validation of user-supplied input in the web interface, allowing an attacker to tamper with the ...
CVE-2020-27010
A cross-site scripting XSS vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product in a manner separate from the similar CVE-2020-8462...
Trend Micro InterScan Web Security Virtual Appliance 跨站请求伪造漏洞
Trend Micro InterScan Web Security Virtual Appliance IWSVA is a Web security gateway from Trend Micro that provides dynamic, integrated security protection for enterprise networks against Web-based threats. A security vulnerability exists in Trend Micro InterScan Web Security Virtual Appliance 6....
Trend Micro InterScan Web Security Virtual Appliance 跨站脚本漏洞
Trend Micro InterScan Web Security Virtual Appliance IWSVA is a Web security gateway from Trend Micro that provides dynamic, integrated security protection for enterprise networks against Web-based threats. A cross-site scripting vulnerability exists in Trend Micro InterScan Web Security Virtual...
Trend Micro InterScan Web Security Virtual Appliance 授权问题漏洞
Trend Micro InterScan Web Security Virtual Appliance IWSVA is a Web security gateway from Trend Micro that provides dynamic, integrated security protection for enterprise networks against Web-based threats. A command execution vulnerability exists in Trend Micro InterScan Web Security Virtual...
Trend Micro InterScan Web Security Virtual Appliance 安全漏洞
Trend Micro InterScan Web Security Virtual Appliance IWSVA is a Web security gateway from Trend Micro that provides dynamic, integrated security protection for enterprise networks against Web-based threats. An authorization bypass vulnerability exists in Trend Micro InterScan Web Security Virtual...
Trend Micro InterScan Web Security Virtual Appliance 跨站脚本漏洞
Trend Micro InterScan Web Security Virtual Appliance IWSVA is a Web security gateway from Trend Micro that provides dynamic, integrated security protection for enterprise networks against Web-based threats. A cross-site scripting vulnerability exists in Trend Micro InterScan Web Security Virtual...
Trend Micro InterScan Web Security Virtual Appliance 代码问题漏洞
Trend Micro InterScan Web Security Virtual Appliance IWSVA is a Web security gateway from Trend Micro that provides dynamic, integrated security protection for enterprise networks against Web-based threats. An authentication bypass vulnerability exists in Trend Micro InterScan Web Security Virtua...
Trend Micro InterScan Web Security Virtual Appliance 命令注入漏洞
Trend Micro InterScan Web Security Virtual Appliance IWSVA is a Web security gateway from Trend Micro that provides dynamic, integrated security protection for enterprise networks against Web-based threats. A command injection vulnerability exists in Trend Micro InterScan Web Security Virtual...
Trend Micro InterScan Web Security Virtual Appliance Command Injection (CVE-2020-28580; CVE-2020-28581)
A command injection vulnerability exists in Trend Micro InterScan Web Security Virtual Appliance. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Trend Micro InterScan Web Security Virtual Appliance Stack Overflow (CVE-2020-28578; CVE-2020-28579)
A stack overflow vulnerability exists in Trend Micro InterScan Web Security Virtual Appliance. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...