Lucene search

Interscan Messaging Security Virtual Appliance Security Vulnerabilities - 2020

cve

CVE-2020-27016

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a cross-site request forgery (CSRF) vulnerability which could allow an attacker to modify policy rules by tricking an authenticated administrator into accessing an attacker-controlled web page. An attacker must ...

8.8CVSS

8.6AI Score

0.001EPSS

2020-11-09 11:15 PM

cve

CVE-2020-27017

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an XML External Entity Processing (XXE) vulnerability which could allow an authenticated administrator to read arbitrary local files. An attacker must already have obtained product administrator/root privileges ...

4.9CVSS

4.9AI Score

0.001EPSS

2020-11-09 11:15 PM

cve

CVE-2020-27018

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a server side request forgery vulnerability which could allow an authenticated attacker to abuse the product's web server and grant access to web resources or parts of local files. An attacker must already have ...

5.5CVSS

5.3AI Score

0.001EPSS

2020-11-09 11:15 PM

cve

CVE-2020-27019

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an information disclosure vulnerability which could allow an attacker to access a specific database and key.

5.5CVSS

5.2AI Score

0.003EPSS

2020-11-09 11:15 PM

cve

CVE-2020-27693

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 stores administrative passwords using a hash that is considered outdated.

4.4CVSS

4.8AI Score

0.001EPSS

2020-11-09 11:15 PM

cve

CVE-2020-27694

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 has updated a specific critical library that may vulnerable to attack.

8.8CVSS

8.5AI Score

0.001EPSS

2020-11-09 11:15 PM