VYPR

InterScan Web Security Virtual Appliance

by Trend Micro

CVEs (28)

  • CVE-2016-9269 | Critical | Feb 21, 2017
    risk 0.68 | cvss 9.9 | epss 0.13

    Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to run arbitrary commands on the system as…

  • CVE-2016-9315 | High | Feb 21, 2017
    risk 0.61 | cvss 8.8 | epss 0.09

    Privilege Escalation Vulnerability in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to change Master…

  • CVE-2016-9314 | High | Feb 21, 2017
    risk 0.54 | cvss 7.8 | epss 0.03

    Sensitive Information Disclosure in com.trend.iwss.gui.servlet.ConfigBackup in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to backup the system configuration…

  • CVE-2017-11396 | High | Sep 22, 2017
    risk 0.47 | cvss 7.2 | epss 0.03

    Vulnerability issues with the web service inspection of input parameters in Trend Micro Web Security Virtual Appliance 6.5 may allow potential attackers who already have administration rights to the console to implement remote code injections.

  • CVE-2017-6339 | Medium | Apr 5, 2017
    risk 0.46 | cvss 6.5 | epss 0.04

    Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 mismanages certain key and certificate data. Per IWSVA documentation, by default, IWSVA acts as a private Certificate Authority (CA) and dynamically generates digital certificates that are sent to…

  • CVE-2017-6338 | Medium | Apr 5, 2017
    risk 0.46 | cvss 6.5 | epss 0.04

    Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or 'Auditor' to change FTP Access Control Settings, create or modify reports, or upload…

  • CVE-2017-6340 | Medium | Apr 5, 2017
    risk 0.38 | cvss 5.4 | epss 0.02

    Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 does not sanitize a rest/commonlog/report/template name field, which allows a 'Reports Only' user to inject malicious JavaScript while creating a new report. Additionally, IWSVA implements incorrect…

  • CVE-2016-9316 | Medium | Feb 21, 2017
    risk 0.38 | cvss 5.4 | epss 0.03

    Multiple stored Cross-Site-Scripting (XSS) vulnerabilities in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allow authenticated, remote users with least…

  • CVE-2020-8606 | May 27, 2020
    risk 0.10 | cvss (none listed) | epss 0.73

    A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to bypass authentication on affected installations of Trend Micro InterScan Web Security Virtual Appliance.

  • CVE-2020-8604 | May 27, 2020
    risk 0.10 | cvss (none listed) | epss 0.90

    A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to disclose sensitive information on affected installations.

  • CVE-2020-8605 | May 27, 2020
    risk 0.10 | cvss (none listed) | epss 0.88

    A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to execute arbitrary code on affected installations. Authentication is required to exploit this vulnerability.

  • CVE-2020-28581 | Nov 18, 2020
    risk 0.06 | cvss (none listed) | epss 0.45

    A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges.

  • CVE-2020-28580 | Nov 18, 2020
    risk 0.06 | cvss (none listed) | epss 0.45

    A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges.

  • CVE-2020-28578 | Nov 18, 2020
    risk 0.05 | cvss (none listed) | epss 0.72

    A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges.

  • CVE-2020-28579 | Nov 18, 2020
    risk 0.03 | cvss (none listed) | epss 0.49

    A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges.

  • CVE-2020-8466 | Dec 17, 2020
    risk 0.02 | cvss (none listed) | epss 0.64

    A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to execute certain commands by providing a manipulated password.

  • CVE-2024-36359 | Jun 10, 2024
    risk 0.00 | cvss (none listed) | epss 0.00

    A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on…

  • CVE-2021-31521 | Jun 17, 2021
    risk 0.00 | cvss (none listed) | epss 0.01

    Trend Micro InterScan Web Security Virtual Appliance version 6.5 was found to have a reflected cross-site scripting (XSS) vulnerability in the product's Captive Portal.

  • CVE-2020-8465 | Dec 17, 2020
    risk 0.00 | cvss (none listed) | epss 0.03

    A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updates using a combination of CSRF bypass (CVE-2020-8461) and authentication bypass (CVE-2020-8464) to execute code as user root.

  • CVE-2020-8463 | Dec 17, 2020
    risk 0.00 | cvss (none listed) | epss 0.06

    A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to bypass a global authorization check for anonymous users by manipulating request paths.

Page 1 of 2