Lucene search
K
TrendmicroInterscan Web Security Virtual Appliance

29 matches found

CVE
CVE
added 2020/05/27 10:45 p.m.165 views

CVE-2020-8604

CVE-2020-8604 affects Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5. The connected Nessus entry attributes a path traversal vulnerability in the Apache Solr component (before parsing the file parameter) that, when combined with CVE-2020-8606, can allow an unauthenticated remote...

7.5CVSS7.7AI score0.89661EPSS
CVE
CVE
added 2020/05/27 10:45 p.m.155 views

CVE-2020-8605

The CVE-2020-8605 entry covers a remote-code-execution vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5. Public materials describe the root cause in the LogSettingHandler (mount_device path handling) that allows unauthenticated/root-level code execution in practice when c...

8.8CVSS9.2AI score0.8758EPSS
CVE
CVE
added 2020/05/27 10:45 p.m.150 views

CVE-2020-8606

CVE-2020-8606 affects Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5. The Nessus plugin describes an authentication bypass in the HTTP proxy service that can be exploited remotely, enabling access to internal services. A separate but related issue in the same advisory references...

9.8CVSS9.5AI score0.7274EPSS
CVE
CVE
added 2017/04/05 4:0 p.m.96 views

CVE-2017-6339

CVE-2017-6339 concerns Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746, where the product’s default CA behavior and certificate management allow an authenticated, low-privilege attacker to download the CA certificate and private key (default or uploaded) and decryp...

6.5CVSS6.4AI score0.04071EPSS
Web
CVE
CVE
added 2020/11/18 6:45 p.m.82 views

CVE-2020-28578

CVE-2020-28578 affects Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2. Multiple connected sources describe a vulnerability where an unauthenticated remote attacker could send a specially crafted HTTP message and achieve remote code execution with elevated privileges, via a buffer ov...

9.8CVSS9.7AI score0.7227EPSS
CVE
CVE
added 2017/04/05 4:0 p.m.73 views

CVE-2017-6338

CVE-2017-6338 affects Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746. Affected component/issue: multiple access control flaws that let an authenticated, low-privilege remote user (e.g., Reports Only or Auditor) modify FTP Access Control Settings, create/modify rep...

6.5CVSS6.5AI score0.03919EPSS
CVE
CVE
added 2024/06/10 9:21 p.m.70 views

CVE-2024-36359

Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 is affected by a cross‑site scripting (XSS) vulnerability in the HTTP Inspection module that can enable privilege escalation when an attacker can run low‑privileged code on the target and entice user interaction. Details across sour...

5.4CVSS6.1AI score0.00375EPSS
CVE
CVE
added 2017/02/21 7:46 a.m.69 views

CVE-2016-9314

Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5.x (before Build 1737) is affected by CVE-2016-9314 due to insufficient access controls in the ConfigBackup function. An authenticated, remote attacker with least privileges could back up the system configuration and download...

7.8CVSS8.1AI score0.03021EPSS
Web
CVE
CVE
added 2017/04/05 4:0 p.m.67 views

CVE-2017-6340

CVE-2017-6340 affects Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 prior to CP 1746. The issue is an XSS vulnerability in rest/commonlog/report/template name due to improper sanitization, compounded by weak access controls that let authenticated remote users with low privilege...

5.4CVSS5.7AI score0.02465EPSS
Web
CVE
CVE
added 2017/02/21 7:46 a.m.66 views

CVE-2016-9315

CVE-2016-9315 affects Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 and earlier. The issue is a privilege-escalation in the com.trend.iwss.gui.servlet.updateaccountadministration servlet, where an authenticated, low-privilege user can change the Master Admin password or add new...

8.8CVSS9.1AI score0.0898EPSS
Web
CVE
CVE
added 2020/12/17 9:5 p.m.66 views

CVE-2020-8463

CVE-2020-8463 affects Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP2, where an attacker can bypass global authorization for anonymous users by manipulating request paths. The issue is described across multiple sources as an authentication bypass vulnerability caused by insuf...

7.5CVSS7.5AI score0.05908EPSS
CVE
CVE
added 2021/03/03 3:43 p.m.62 views

CVE-2021-25252

CVE-2021-25252 concerns Trend Micro’s Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) experiencing a memory exhaustion vulnerability that can cause denial-of-service or a system freeze when processing specially crafted files. Affected components: VSAPI and ATSE in Trend Micro produc...

5.5CVSS5.4AI score0.00556EPSS
CVE
CVE
added 2017/02/21 7:46 a.m.60 views

CVE-2016-9316

Trend Micro IWSVA 6.5.x before Build 1737 is affected by CVE-2016-9316 due to improper validation in the updateaccountadministration servlet, allowing authenticated remote attackers with minimal privileges to trigger stored XSS via accountnamelocal/description parameters. Impact per sources is st...

5.4CVSS7.3AI score0.02765EPSS
Web
CVE
CVE
added 2020/12/17 9:5 p.m.60 views

CVE-2020-8461

CVE-2020-8461 describes a CSRF protection bypass in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2. An attacker could induce a victim to make a specially encoded request without a valid CSRF token, effectively bypassing CSRF protections. This affects IWSVA 6.5 SP2; CVSS metrics indi...

8.8CVSS9AI score0.01136EPSS
CVE
CVE
added 2020/11/18 6:45 p.m.57 views

CVE-2020-28581

CVE-2020-28581: A command injection in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 allows an authenticated, remote attacker to send crafted HTTP messages and execute arbitrary OS commands with elevated privileges. Multiple sources (NVD entry and Red Hat advisory...

9CVSS7.4AI score0.44549EPSS
CVE
CVE
added 2017/02/21 7:46 a.m.56 views

CVE-2016-9269

CVE-2016-9269 affects Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5.x before Build 1737. The vulnerability lies in the ManagePatches servlet (com.trend.iwss.gui.servlet.ManagePatches) where insecure access controls during patch updates allow an authenticated, remote user with l...

9.9CVSS9.7AI score0.13419EPSS
CVE
CVE
added 2020/12/17 9:5 p.m.55 views

CVE-2020-8466

Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP2 is affected by a command injection vulnerability (CVE-2020-8466) in which an unauthenticated attacker could execute commands by supplying a manipulated password. Root cause involves the password handling path enabling arbitrary ...

9.8CVSS9.8AI score0.63711EPSS
CVE
CVE
added 2020/11/18 6:45 p.m.52 views

CVE-2020-28579

Summary: CVE-2020-28579 affects Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP2. Multiple connected advisories describe a vulnerability that allows an authenticated, remote attacker to send a specially crafted HTTP message to achieve remote code execution with elevated privil...

8.8CVSS9.2AI score0.4929EPSS
CVE
CVE
added 2017/09/22 4:0 p.m.51 views

CVE-2017-11396

The CVE-2017-11396 entry concerns Trend Micro Web Security Virtual Appliance (IWSVA) 6.5. The vulnerability arises in the web service input parameter inspection, allowing remote code execution when an administrator with console access can exploit it. Affected component is the web service handling...

9CVSS7.2AI score0.03196EPSS
CVE
CVE
added 2019/04/05 10:46 p.m.50 views

CVE-2019-9490

CVE-2019-9490 concerns Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP2. The connected sources describe an information-disclosure vulnerability in the web console component that can be exploited by an authenticated remote attacker to disclose the web console administrator’s cr...

8.8CVSS8.4AI score0.01484EPSS
CVE
CVE
added 2020/12/17 9:5 p.m.50 views

CVE-2020-27010

CVE-2020-27010 : A cross-site scripting (XSS) vulnerability exists in Trend Micro InterScan Web Security Virtual Appliance version 6.5 SP2, affecting the web interface. The issue is caused by improper validation of user-supplied input in the web interface, allowing an attacker to tamper with the ...

4.8CVSS4.8AI score0.00713EPSS
CVE
CVE
added 2020/12/17 9:5 p.m.47 views

CVE-2020-8462

CVE-2020-8462 describes a cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP2 that could allow an attacker to tamper with the product’s web interface. The connected Red Hat and CNVD entries corroborate the same issue class and target pr...

4.8CVSS4.8AI score0.01134EPSS
CVE
CVE
added 2020/11/18 6:45 p.m.46 views

CVE-2020-28580

CVE-2020-28580 describes a command injection vulnerability in the AddVLANItem component of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2. An authenticated, remote attacker can send specially crafted HTTP messages to execute arbitrary OS commands with elevated privileges. The NVD en...

9CVSS7.4AI score0.44549EPSS
CVE
CVE
added 2020/12/17 9:5 p.m.46 views

CVE-2020-8464

CVE-2020-8464 affects Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP2. A vulnerability allows an attacker to craft requests that appear to originate from localhost, potentially exposing the product’s admin interface to users who would not normally have access. The available d...

7.5CVSS8.4AI score0.06341EPSS
CVE
CVE
added 2020/05/27 10:45 p.m.46 views

CVE-2020-8603

CVE-2020-8603 is a cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 that can allow a remote attacker to tamper with the web interface. The issue requires user interaction (visiting a malicious page or opening a malicious file) and stems from imp...

6.1CVSS5.9AI score0.01976EPSS
CVE
CVE
added 2020/12/17 9:5 p.m.44 views

CVE-2020-8465

CVE-2020-8465 affects Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2. Connected sources describe it as part of multiple vulnerabilities in IWSVA (with CVEs 2020-8461/8464) that enable authentication bypass and remote code execution, potentially allowing code execution as root via sy...

10CVSS8.3AI score0.02574EPSS
CVE
CVE
added 2009/02/17 5:0 p.m.43 views

CVE-2009-0612

CVE-2009-0612 affects Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 3.x and InterScan Web Security Suite (IWSS) 3.x. When basic authorization is enabled on the standalone proxy, the product forwards the Proxy-Authorization header from Windows Media Player, enabling remote web serve...

4.3CVSS6.8AI score0.02165EPSS
CVE
CVE
added 2014/11/07 7:0 p.m.42 views

CVE-2014-8510

CVE-2014-8510 affects Trend Micro InterScan Web Security Virtual Appliance (IWSVA) AdminUI prior to 6.0 HF build 1244. Multiple information-disclosure vulnerabilities allow remote authenticated attackers to read arbitrary files via configuration input handling when saving filters. Public sources ...

4CVSS6.3AI score0.01487EPSS
CVE
CVE
added 2021/06/17 11:42 a.m.40 views

CVE-2021-31521

The CVE-2021-31521 issue affects Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5, specifically the Captive Portal, where user-supplied data in the portal can trigger a reflected XSS. Public records timestamped across multiple feeds describe the root cause as inadequate sanitizati...

5.4CVSS5.3AI score0.01398EPSS