Medium severity6.5NVD Advisory· Published Apr 5, 2017· Updated May 13, 2026

CVE-2017-6338

Description

Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or 'Auditor' to change FTP Access Control Settings, create or modify reports, or upload an HTTPS Decryption Certificate and Private Key.

Affected products

Trend Micro/Interscan Web Security Virtual Appliance
cpe:2.3:a:trendmicro:interscan_web_security_virtual_appliance:*:*:*:*:*:*:*:*
Range: <=6.5

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

success.trendmicro.com/solution/1116960nvdPatchVendor Advisory
www.qualys.com/2017/01/12/qsa-2017-01-12/qsa-2017-01-12.pdfnvdExploitTechnical DescriptionThird Party Advisory
www.securityfocus.com/bid/97482nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.423
epss	0.001
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000