13 matches found
CVE-2021-25252
CVE-2021-25252 concerns Trend Micro’s Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) experiencing a memory exhaustion vulnerability that can cause denial-of-service or a system freeze when processing specially crafted files. Affected components: VSAPI and ATSE in Trend Micro produc...
CVE-2020-27018
CVE-2020-27018 affects Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1. The issue is a server-side request forgery (SSRF) vulnerability in the product’s web server that, when abused by an authenticated attacker, could grant access to web resources or parts of local files. V...
CVE-2020-27016
CVE-2020-27016 affects Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1. The vulnerability is a CSRF flaw that could enable an attacker to modify policy rules by convincing an authenticated administrator to visit a crafted page. Exploitation requires the attacker to have pro...
CVE-2017-11391
CVE-2017-11391 describes a proxy command injection in Trend Micro InterScan Messaging Virtual Appliance (IMSVA) 9.0 and 9.1. The flaw arises from improper validation of parameters in the modTMCSS Proxy function, specifically when parsing the unsigned input in the t parameter, allowing a remote at...
CVE-2017-11392
CVE-2017-11392 describes a proxy command-injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance (IMSVA) 9.0 and 9.1. The flaw affects the modTMCSS Proxy component, where the vulnerability arises from parsing the "+T+" parameter, leading to remote arbitrary code execution on ...
CVE-2017-6398
Trend Micro InterScan Messaging Security (Virtual Appliance) (IMSVA) 9.1-1600 contains a command injection via the saveCert.imss endpoint. An authenticated user can pass input that is used as arguments to an OS command without proper sanitization, enabling arbitrary command execution as the web s...
CVE-2020-27694
CVE-2020-27694 affects Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1. The issue arises from updating a specific critical library, creating a potential vulnerability. NVD data lists a high-severity impact (CVSS 3.1 base 8.8) with network access and low attack complexity, a...
CVE-2020-27017
Trend Micro IMSVA 9.1 is affected by an XML External Entity Processing (XXE) vulnerability (CVE-2020-27017). An authenticated administrator/root can read arbitrary local files. Root cause involves XML data handling in IMSVA’s Java components. Impact is partial confidentiality (per CVSS) with no i...
CVE-2017-7896
CVE-2017-7896 affects Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 before CP 1644, with a Cross-Site Scripting (XSS) vulnerability in the web UI. The vulnerability is documented in sources that specify IMSVA 9.1 prior to CP 1644 as affected; CVSS metrics show a base scor...
CVE-2014-3922
CVE-2014-3922 is an XSS vulnerability in Trend Micro InterScan Messaging Security Virtual Appliance 8.5.1.1516. The flaw allows remote authenticated users to inject arbitrary web script or HTML via the addWhiteListDomainStr parameter to addWhiteListDomain.imss. According to the NVD entry, the CVS...
CVE-2018-3609
CVE-2018-3609 affects Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) management portal for versions 9.0/9.1. The issue is an authentication bypass caused by insufficient protection of a log file containing session credentials, enabling an unauthenticated user to access sensiti...
CVE-2020-27019
Summary of CVE-2020-27019 (IMSVA 9.1) : The Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) version 9.1 is affected by an information-disclosure vulnerability that could allow an attacker to access a specific database and key. The issue is documented across multiple sources in ...
CVE-2020-27693
CVE-2020-27693 affects Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1. The vulnerability is that administrative passwords are stored using an outdated hash. Public details in connected sources include an SEC Consult advisory listing IMSVA vulnerability data with vulnerable...