Lucene search
K

431 matches found

CNVD
CNVD
added 2020/12/18 12:0 a.m.2 views

Trend Micro InterScan Web Security Virtual Appliance Command Execution Vulnerability (CNVD-2020-73776)

Trend Micro InterScan Web Security Virtual Appliance IWSVA is a Web security gateway from Trend Micro that provides dynamic, integrated security protection for enterprise networks against Web-based threats. A command execution vulnerability exists in Trend Micro InterScan Web Security Virtual...

10CVSS7.5AI score0.02574EPSS
Exploits2References1
NVD
NVD
added 2020/12/17 9:15 p.m.18 views

CVE-2020-8466

A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to execute certain commands by providing a manipulated password...

9.8CVSS9.8AI score0.63711EPSS
Exploits2References2
OSV
OSV
added 2020/12/17 9:15 p.m.6 views

CVE-2020-8466

A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to execute certain commands by providing a manipulated password...

9.8CVSS7.4AI score0.63711EPSS
Exploits2References2
OSV
OSV
added 2020/12/17 9:15 p.m.5 views

CVE-2020-8464

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product's admin interface to users who would not normally have access...

7.5CVSS7.2AI score0.06341EPSS
Exploits2References2
NVD
NVD
added 2020/12/17 9:15 p.m.18 views

CVE-2020-8465

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updates using a combination of CSRF bypass CVE-2020-8461 and authentication bypass CVE-2020-8464 to execute code as user root...

10CVSS8.4AI score0.02574EPSS
Exploits2References2
OSV
OSV
added 2020/12/17 9:15 p.m.4 views

CVE-2020-8465

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updates using a combination of CSRF bypass CVE-2020-8461 and authentication bypass CVE-2020-8464 to execute code as user root...

9.8CVSS7.3AI score0.02574EPSS
Exploits2References2
NVD
NVD
added 2020/12/17 9:15 p.m.23 views

CVE-2020-8464

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product's admin interface to users who would not normally have access...

7.5CVSS8.5AI score0.06341EPSS
Exploits2References2
OSV
OSV
added 2020/12/17 9:15 p.m.6 views

CVE-2020-8462

A cross-site scripting XSS vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product...

4.8CVSS5.8AI score0.01134EPSS
Exploits2References2
OSV
OSV
added 2020/12/17 9:15 p.m.3 views

CVE-2020-8463

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to bypass a global authorization check for anonymous users by manipulating request paths...

7.5CVSS7.1AI score0.05908EPSS
Exploits2References2
OSV
OSV
added 2020/12/17 9:15 p.m.5 views

CVE-2020-27010

A cross-site scripting XSS vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product in a manner separate from the similar CVE-2020-8462...

4.8CVSS5.8AI score0.00713EPSS
Exploits0References1
NVD
NVD
added 2020/12/17 9:15 p.m.26 views

CVE-2020-27010

A cross-site scripting XSS vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product in a manner separate from the similar CVE-2020-8462...

4.8CVSS4.9AI score0.00713EPSS
Exploits0References1
NVD
NVD
added 2020/12/17 9:15 p.m.27 views

CVE-2020-8461

A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to get a victim's browser to send a specifically encoded request without requiring a valid CSRF token...

8.8CVSS9.2AI score0.01136EPSS
Exploits2References2
OSV
OSV
added 2020/12/17 9:15 p.m.3 views

CVE-2020-8461

A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to get a victim's browser to send a specifically encoded request without requiring a valid CSRF token...

8.8CVSS7.3AI score0.01136EPSS
Exploits2References2
Prion
Prion
added 2020/12/17 9:15 p.m.19 views

Design/Logic Flaw

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updates using a combination of CSRF bypass CVE-2020-8461 and authentication bypass CVE-2020-8464 to execute code as user root...

10CVSS8.4AI score0.06341EPSS
Exploits4References2Affected Software1
Prion
Prion
added 2020/12/17 9:15 p.m.19 views

Cross site scripting

A cross-site scripting XSS vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product...

3.5CVSS4.9AI score0.01134EPSS
Exploits2References2Affected Software1
Prion
Prion
added 2020/12/17 9:15 p.m.17 views

Design/Logic Flaw

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product's admin interface to users who would not normally have access...

5CVSS8.5AI score0.06341EPSS
Exploits2References2Affected Software1
Prion
Prion
added 2020/12/17 9:15 p.m.17 views

Authorization

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to bypass a global authorization check for anonymous users by manipulating request paths...

5CVSS7.5AI score0.05908EPSS
Exploits2References2Affected Software1
Prion
Prion
added 2020/12/17 9:15 p.m.18 views

Command injection

A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to execute certain commands by providing a manipulated password...

7.5CVSS9.7AI score0.63711EPSS
Exploits2References2Affected Software1
CVE
CVE
added 2020/12/17 9:5 p.m.55 views

CVE-2020-8466

Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP2 is affected by a command injection vulnerability (CVE-2020-8466) in which an unauthenticated attacker could execute commands by supplying a manipulated password. Root cause involves the password handling path enabling arbitrary ...

9.8CVSS9.8AI score0.63711EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2020/12/17 9:5 p.m.19 views

CVE-2020-8466

A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to execute certain commands by providing a manipulated password...

9.8AI score0.63711EPSS
Exploits2References2
Rows per page
Query Builder