Trendmicro

Interscan Web Security Virtual Appliance

29 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2024-36359

  • EPSS 0.16%
  • Published 10.06.2024 22:15:11
  • Last modified 18.03.2025 16:15:21

A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to exec...

5.4

CVE-2021-31521

  • EPSS 0.41%
  • Published 17.06.2021 12:15:07
  • Last modified 21.11.2024 06:05:50

Trend Micro InterScan Web Security Virtual Appliance version 6.5 was found to have a reflected cross-site scripting (XSS) vulnerability in the product's Captive Portal.

5.5

CVE-2021-25252

  • EPSS 0.06%
  • Published 03.03.2021 16:15:13
  • Last modified 21.11.2024 05:54:38

Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file.

9.8

CVE-2020-8466

Exploit
  • EPSS 27.27%
  • Published 17.12.2020 21:15:13
  • Last modified 21.11.2024 05:38:53

A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to execute certain commands by providing a manipulated passw...

10

CVE-2020-8465

Exploit
  • EPSS 0.18%
  • Published 17.12.2020 21:15:13
  • Last modified 21.11.2024 05:38:53

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updates using a combination of CSRF bypass (CVE-2020-8461) and authentication bypass (CVE-2020-8464) to execute code as user ...

7.5

CVE-2020-8464

Exploit
  • EPSS 0.64%
  • Published 17.12.2020 21:15:13
  • Last modified 21.11.2024 05:38:53

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product's admin interface to users who would not normally have acce...

7.5

CVE-2020-8463

Exploit
  • EPSS 0.56%
  • Published 17.12.2020 21:15:12
  • Last modified 21.11.2024 05:38:53

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to bypass a global authorization check for anonymous users by manipulating request paths.

4.8

CVE-2020-8462

Exploit
  • EPSS 0.47%
  • Published 17.12.2020 21:15:12
  • Last modified 21.11.2024 05:38:53

A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product.

8.8

CVE-2020-8461

Exploit
  • EPSS 0.23%
  • Published 17.12.2020 21:15:12
  • Last modified 21.11.2024 05:38:53

A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to get a victim's browser to send a specifically encoded request without requiring a valid CSRF token.

4.8

CVE-2020-27010

  • EPSS 0.42%
  • Published 17.12.2020 21:15:12
  • Last modified 21.11.2024 05:20:40

A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product in a manner separate from the similar CVE-2020-8462.