29 matches found
CVE-2020-8604
CVE-2020-8604 affects Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5. The connected Nessus entry attributes a path traversal vulnerability in the Apache Solr component (before parsing the file parameter) that, when combined with CVE-2020-8606, can allow an unauthenticated remote...
CVE-2020-8605
The CVE-2020-8605 entry covers a remote-code-execution vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5. Public materials describe the root cause in the LogSettingHandler (mount_device path handling) that allows unauthenticated/root-level code execution in practice when c...
CVE-2020-8606
CVE-2020-8606 affects Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5. The Nessus plugin describes an authentication bypass in the HTTP proxy service that can be exploited remotely, enabling access to internal services. A separate but related issue in the same advisory references...
CVE-2017-6339
CVE-2017-6339 concerns Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746, where the product’s default CA behavior and certificate management allow an authenticated, low-privilege attacker to download the CA certificate and private key (default or uploaded) and decryp...
CVE-2020-28578
CVE-2020-28578 affects Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2. Multiple connected sources describe a vulnerability where an unauthenticated remote attacker could send a specially crafted HTTP message and achieve remote code execution with elevated privileges, via a buffer ov...
CVE-2017-6338
CVE-2017-6338 affects Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746. Affected component/issue: multiple access control flaws that let an authenticated, low-privilege remote user (e.g., Reports Only or Auditor) modify FTP Access Control Settings, create/modify rep...
CVE-2024-36359
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 is affected by a cross‑site scripting (XSS) vulnerability in the HTTP Inspection module that can enable privilege escalation when an attacker can run low‑privileged code on the target and entice user interaction. Details across sour...
CVE-2016-9314
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5.x (before Build 1737) is affected by CVE-2016-9314 due to insufficient access controls in the ConfigBackup function. An authenticated, remote attacker with least privileges could back up the system configuration and download...
CVE-2017-6340
CVE-2017-6340 affects Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 prior to CP 1746. The issue is an XSS vulnerability in rest/commonlog/report/template name due to improper sanitization, compounded by weak access controls that let authenticated remote users with low privilege...
CVE-2016-9315
CVE-2016-9315 affects Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 and earlier. The issue is a privilege-escalation in the com.trend.iwss.gui.servlet.updateaccountadministration servlet, where an authenticated, low-privilege user can change the Master Admin password or add new...
CVE-2020-8463
CVE-2020-8463 affects Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP2, where an attacker can bypass global authorization for anonymous users by manipulating request paths. The issue is described across multiple sources as an authentication bypass vulnerability caused by insuf...
CVE-2021-25252
CVE-2021-25252 concerns Trend Micro’s Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) experiencing a memory exhaustion vulnerability that can cause denial-of-service or a system freeze when processing specially crafted files. Affected components: VSAPI and ATSE in Trend Micro produc...
CVE-2016-9316
Trend Micro IWSVA 6.5.x before Build 1737 is affected by CVE-2016-9316 due to improper validation in the updateaccountadministration servlet, allowing authenticated remote attackers with minimal privileges to trigger stored XSS via accountnamelocal/description parameters. Impact per sources is st...
CVE-2020-8461
CVE-2020-8461 describes a CSRF protection bypass in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2. An attacker could induce a victim to make a specially encoded request without a valid CSRF token, effectively bypassing CSRF protections. This affects IWSVA 6.5 SP2; CVSS metrics indi...
CVE-2020-28581
CVE-2020-28581: A command injection in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 allows an authenticated, remote attacker to send crafted HTTP messages and execute arbitrary OS commands with elevated privileges. Multiple sources (NVD entry and Red Hat advisory...
CVE-2016-9269
CVE-2016-9269 affects Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5.x before Build 1737. The vulnerability lies in the ManagePatches servlet (com.trend.iwss.gui.servlet.ManagePatches) where insecure access controls during patch updates allow an authenticated, remote user with l...
CVE-2020-8466
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP2 is affected by a command injection vulnerability (CVE-2020-8466) in which an unauthenticated attacker could execute commands by supplying a manipulated password. Root cause involves the password handling path enabling arbitrary ...
CVE-2020-28579
Summary: CVE-2020-28579 affects Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP2. Multiple connected advisories describe a vulnerability that allows an authenticated, remote attacker to send a specially crafted HTTP message to achieve remote code execution with elevated privil...
CVE-2017-11396
The CVE-2017-11396 entry concerns Trend Micro Web Security Virtual Appliance (IWSVA) 6.5. The vulnerability arises in the web service input parameter inspection, allowing remote code execution when an administrator with console access can exploit it. Affected component is the web service handling...
CVE-2019-9490
CVE-2019-9490 concerns Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP2. The connected sources describe an information-disclosure vulnerability in the web console component that can be exploited by an authenticated remote attacker to disclose the web console administrator’s cr...
CVE-2020-27010
CVE-2020-27010 : A cross-site scripting (XSS) vulnerability exists in Trend Micro InterScan Web Security Virtual Appliance version 6.5 SP2, affecting the web interface. The issue is caused by improper validation of user-supplied input in the web interface, allowing an attacker to tamper with the ...
CVE-2020-8462
CVE-2020-8462 describes a cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP2 that could allow an attacker to tamper with the product’s web interface. The connected Red Hat and CNVD entries corroborate the same issue class and target pr...
CVE-2020-28580
CVE-2020-28580 describes a command injection vulnerability in the AddVLANItem component of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2. An authenticated, remote attacker can send specially crafted HTTP messages to execute arbitrary OS commands with elevated privileges. The NVD en...
CVE-2020-8464
CVE-2020-8464 affects Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP2. A vulnerability allows an attacker to craft requests that appear to originate from localhost, potentially exposing the product’s admin interface to users who would not normally have access. The available d...
CVE-2020-8603
CVE-2020-8603 is a cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 that can allow a remote attacker to tamper with the web interface. The issue requires user interaction (visiting a malicious page or opening a malicious file) and stems from imp...
CVE-2020-8465
CVE-2020-8465 affects Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2. Connected sources describe it as part of multiple vulnerabilities in IWSVA (with CVEs 2020-8461/8464) that enable authentication bypass and remote code execution, potentially allowing code execution as root via sy...
CVE-2009-0612
CVE-2009-0612 affects Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 3.x and InterScan Web Security Suite (IWSS) 3.x. When basic authorization is enabled on the standalone proxy, the product forwards the Proxy-Authorization header from Windows Media Player, enabling remote web serve...
CVE-2014-8510
CVE-2014-8510 affects Trend Micro InterScan Web Security Virtual Appliance (IWSVA) AdminUI prior to 6.0 HF build 1244. Multiple information-disclosure vulnerabilities allow remote authenticated attackers to read arbitrary files via configuration input handling when saving filters. Public sources ...
CVE-2021-31521
The CVE-2021-31521 issue affects Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5, specifically the Captive Portal, where user-supplied data in the portal can trigger a reflected XSS. Public records timestamped across multiple feeds describe the root cause as inadequate sanitizati...