Interscan Web Security Virtual Appliance Security Vulnerabilities and Issues — Interscan Web Security Virtual Appliance CVE List

Lucene search

TrendmicroInterscan Web Security Virtual Appliance

5 matches found

CVE•added 2017/04/05 4:59 p.m.•54 views

CVE-2017-6340

Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 does not sanitize a rest/commonlog/report/template name field, which allows a 'Reports Only' user to inject malicious JavaScript while creating a new report. Additionally, IWSVA implements incorrect access control that ...

5.4CVSS5.7AI score0.00195EPSS

CVE•added 2024/06/10 10:15 p.m.•50 views

CVE-2024-36359

A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in orde...

5.4CVSS6.1AI score0.00138EPSS

CVE•added 2021/03/03 4:15 p.m.•46 views

CVE-2021-25252

Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file.

5.5CVSS5.4AI score0.00063EPSS

CVE•added 2017/02/21 7:59 a.m.•39 views

CVE-2016-9316

Multiple stored Cross-Site-Scripting (XSS) vulnerabilities in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allow authenticated, remote users with least privileges to inject arbitra...

5.4CVSS7.3AI score0.0056EPSS

CVE•added 2021/06/17 12:15 p.m.•27 views

CVE-2021-31521

Trend Micro InterScan Web Security Virtual Appliance version 6.5 was found to have a reflected cross-site scripting (XSS) vulnerability in the product's Captive Portal.

5.4CVSS5.3AI score0.00405EPSS