Lucene search

K
TrendmicroInterscan Messaging Security Virtual Appliance

13 matches found

CVE
CVE
added 2020/11/09 11:15 p.m.47 views

CVE-2020-27018

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a server side request forgery vulnerability which could allow an authenticated attacker to abuse the product's web server and grant access to web resources or parts of local files. An attacker must already have ...

5.5CVSS5.3AI score0.00137EPSS
CVE
CVE
added 2021/03/03 4:15 p.m.46 views

CVE-2021-25252

Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file.

5.5CVSS5.4AI score0.00063EPSS
CVE
CVE
added 2020/11/09 11:15 p.m.38 views

CVE-2020-27016

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a cross-site request forgery (CSRF) vulnerability which could allow an attacker to modify policy rules by tricking an authenticated administrator into accessing an attacker-controlled web page. An attacker must ...

8.8CVSS8.6AI score0.00286EPSS
CVE
CVE
added 2017/03/14 9:59 a.m.37 views

CVE-2017-6398

An issue was discovered in Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1-1600. An authenticated user can execute a terminal command in the context of the web server user (which is root). Besides, the default installation of IMSVA comes with default administrator credentials. The ...

9CVSS8.8AI score0.6462EPSS
CVE
CVE
added 2017/08/03 3:29 p.m.35 views

CVE-2017-11391

Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the "t" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4744.

8.8CVSS9AI score0.12628EPSS
CVE
CVE
added 2017/08/03 3:29 p.m.32 views

CVE-2017-11392

Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the "T" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4745.

8.8CVSS9AI score0.06769EPSS
CVE
CVE
added 2020/11/09 11:15 p.m.32 views

CVE-2020-27017

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an XML External Entity Processing (XXE) vulnerability which could allow an authenticated administrator to read arbitrary local files. An attacker must already have obtained product administrator/root privileges ...

4.9CVSS4.9AI score0.00998EPSS
CVE
CVE
added 2017/04/18 3:59 p.m.31 views

CVE-2017-7896

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 before CP 1644 has XSS.

6.1CVSS6.2AI score0.00354EPSS
CVE
CVE
added 2018/02/16 10:29 p.m.31 views

CVE-2018-3609

A vulnerability in the Trend Micro InterScan Messaging Security Virtual Appliance 9.0 and 9.1 management portal could allow an unauthenticated user to access sensitive information in a particular log file that could be used to bypass authentication on vulnerable installations.

8.1CVSS8AI score0.26234EPSS
CVE
CVE
added 2020/11/09 11:15 p.m.31 views

CVE-2020-27694

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 has updated a specific critical library that may vulnerable to attack.

8.8CVSS8.5AI score0.01113EPSS
CVE
CVE
added 2014/05/30 2:55 p.m.30 views

CVE-2014-3922

Cross-site scripting (XSS) vulnerability in Trend Micro InterScan Messaging Security Virtual Appliance 8.5.1.1516 allows remote authenticated users to inject arbitrary web script or HTML via the addWhiteListDomainStr parameter to addWhiteListDomain.imss.

4.3CVSS5.4AI score0.01137EPSS
CVE
CVE
added 2020/11/09 11:15 p.m.24 views

CVE-2020-27019

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an information disclosure vulnerability which could allow an attacker to access a specific database and key.

5.5CVSS5.2AI score0.00137EPSS
CVE
CVE
added 2020/11/09 11:15 p.m.24 views

CVE-2020-27693

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 stores administrative passwords using a hash that is considered outdated.

4.4CVSS4.8AI score0.0008EPSS