Lucene search
K
TrendmicroInterscan Messaging Security Virtual Appliance

13 matches found

CVE
CVE
added 2021/03/03 3:43 p.m.62 views

CVE-2021-25252

CVE-2021-25252 concerns Trend Micro’s Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) experiencing a memory exhaustion vulnerability that can cause denial-of-service or a system freeze when processing specially crafted files. Affected components: VSAPI and ATSE in Trend Micro produc...

5.5CVSS5.4AI score0.00556EPSS
CVE
CVE
added 2020/11/09 11:10 p.m.61 views

CVE-2020-27018

CVE-2020-27018 affects Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1. The issue is a server-side request forgery (SSRF) vulnerability in the product’s web server that, when abused by an authenticated attacker, could grant access to web resources or parts of local files. V...

5.5CVSS5.3AI score0.03467EPSS
CVE
CVE
added 2020/11/09 11:10 p.m.53 views

CVE-2020-27016

CVE-2020-27016 affects Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1. The vulnerability is a CSRF flaw that could enable an attacker to modify policy rules by convincing an authenticated administrator to visit a crafted page. Exploitation requires the attacker to have pro...

8.8CVSS8.6AI score0.01875EPSS
Web
CVE
CVE
added 2017/08/03 3:0 p.m.47 views

CVE-2017-11391

CVE-2017-11391 describes a proxy command injection in Trend Micro InterScan Messaging Virtual Appliance (IMSVA) 9.0 and 9.1. The flaw arises from improper validation of parameters in the modTMCSS Proxy function, specifically when parsing the unsigned input in the t parameter, allowing a remote at...

8.8CVSS9AI score0.61777EPSS
CVE
CVE
added 2017/08/03 3:0 p.m.47 views

CVE-2017-11392

CVE-2017-11392 describes a proxy command-injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance (IMSVA) 9.0 and 9.1. The flaw affects the modTMCSS Proxy component, where the vulnerability arises from parsing the "+T+" parameter, leading to remote arbitrary code execution on ...

8.8CVSS9AI score0.33763EPSS
CVE
CVE
added 2017/03/14 9:2 a.m.47 views

CVE-2017-6398

Trend Micro InterScan Messaging Security (Virtual Appliance) (IMSVA) 9.1-1600 contains a command injection via the saveCert.imss endpoint. An authenticated user can pass input that is used as arguments to an OS command without proper sanitization, enabling arbitrary command execution as the web s...

9CVSS8.8AI score0.55EPSS
Web
CVE
CVE
added 2020/11/09 11:10 p.m.46 views

CVE-2020-27694

CVE-2020-27694 affects Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1. The issue arises from updating a specific critical library, creating a potential vulnerability. NVD data lists a high-severity impact (CVSS 3.1 base 8.8) with network access and low attack complexity, a...

8.8CVSS8.5AI score0.07279EPSS
CVE
CVE
added 2020/11/09 11:10 p.m.45 views

CVE-2020-27017

Trend Micro IMSVA 9.1 is affected by an XML External Entity Processing (XXE) vulnerability (CVE-2020-27017). An authenticated administrator/root can read arbitrary local files. Root cause involves XML data handling in IMSVA’s Java components. Impact is partial confidentiality (per CVSS) with no i...

4.9CVSS4.9AI score0.06392EPSS
Web
CVE
CVE
added 2017/04/18 3:0 p.m.43 views

CVE-2017-7896

CVE-2017-7896 affects Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 before CP 1644, with a Cross-Site Scripting (XSS) vulnerability in the web UI. The vulnerability is documented in sources that specify IMSVA 9.1 prior to CP 1644 as affected; CVSS metrics show a base scor...

6.1CVSS6.2AI score0.04279EPSS
CVE
CVE
added 2014/05/30 2:0 p.m.41 views

CVE-2014-3922

CVE-2014-3922 is an XSS vulnerability in Trend Micro InterScan Messaging Security Virtual Appliance 8.5.1.1516. The flaw allows remote authenticated users to inject arbitrary web script or HTML via the addWhiteListDomainStr parameter to addWhiteListDomain.imss. According to the NVD entry, the CVS...

4.3CVSS5.4AI score0.02091EPSS
CVE
CVE
added 2018/02/16 10:0 p.m.41 views

CVE-2018-3609

CVE-2018-3609 affects Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) management portal for versions 9.0/9.1. The issue is an authentication bypass caused by insufficient protection of a log file containing session credentials, enabling an unauthenticated user to access sensiti...

8.1CVSS8AI score0.21826EPSS
CVE
CVE
added 2020/11/09 11:10 p.m.40 views

CVE-2020-27019

Summary of CVE-2020-27019 (IMSVA 9.1) : The Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) version 9.1 is affected by an information-disclosure vulnerability that could allow an attacker to access a specific database and key. The issue is documented across multiple sources in ...

5.5CVSS5.2AI score0.17884EPSS
CVE
CVE
added 2020/11/09 11:10 p.m.40 views

CVE-2020-27693

CVE-2020-27693 affects Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1. The vulnerability is that administrative passwords are stored using an outdated hash. Public details in connected sources include an SEC Consult advisory listing IMSVA vulnerability data with vulnerable...

4.4CVSS4.8AI score0.01754EPSS