Interscan Web Security Virtual Appliance Security Vulnerabilities and Issues — Interscan Web Security Virtual Appliance CVE List

Lucene search

TrendmicroInterscan Web Security Virtual Appliance

8 matches found

CVE•added 2017/04/05 4:59 p.m.•84 views

CVE-2017-6339

Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 mismanages certain key and certificate data. Per IWSVA documentation, by default, IWSVA acts as a private Certificate Authority (CA) and dynamically generates digital certificates that are sent to client browsers to com...

6.5CVSS6.4AI score0.02677EPSS

CVE•added 2017/04/05 4:59 p.m.•58 views

CVE-2017-6338

Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or 'Auditor' to change FTP Access Control Settings, create or modify reports, or upload an HTTPS Decryption C...

6.5CVSS6.5AI score0.01013EPSS

CVE•added 2017/02/21 7:59 a.m.•55 views

CVE-2016-9315

Privilege Escalation Vulnerability in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to change Master Admin's password and/or...

8.8CVSS9.1AI score0.05864EPSS

CVE•added 2017/04/05 4:59 p.m.•54 views

CVE-2017-6340

Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 does not sanitize a rest/commonlog/report/template name field, which allows a 'Reports Only' user to inject malicious JavaScript while creating a new report. Additionally, IWSVA implements incorrect access control that ...

5.4CVSS5.7AI score0.00195EPSS

CVE•added 2017/02/21 7:59 a.m.•45 views

CVE-2016-9314

Sensitive Information Disclosure in com.trend.iwss.gui.servlet.ConfigBackup in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to backup the system configuration and download it onto t...

7.8CVSS8.1AI score0.01484EPSS

CVE•added 2017/02/21 7:59 a.m.•43 views

CVE-2016-9269

Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to run arbitrary commands on the system as root via Patch Update...

9.9CVSS9.7AI score0.06848EPSS

CVE•added 2017/02/21 7:59 a.m.•39 views

CVE-2016-9316

Multiple stored Cross-Site-Scripting (XSS) vulnerabilities in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allow authenticated, remote users with least privileges to inject arbitra...

5.4CVSS7.3AI score0.0056EPSS

CVE•added 2017/09/22 4:29 p.m.•37 views

CVE-2017-11396

Vulnerability issues with the web service inspection of input parameters in Trend Micro Web Security Virtual Appliance 6.5 may allow potential attackers who already have administration rights to the console to implement remote code injections.

9CVSS7.2AI score0.0088EPSS