Trendmicro

Interscan Web Security Virtual Appliance

29 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2017-6340

Exploit
  • EPSS 0.23%
  • Veröffentlicht 05.04.2017 16:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 does not sanitize a rest/commonlog/report/template name field, which allows a 'Reports Only' user to inject malicious JavaScript while creating a new report. Additionally...

6.5

CVE-2017-6339

Exploit
  • EPSS 2.68%
  • Veröffentlicht 05.04.2017 16:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 mismanages certain key and certificate data. Per IWSVA documentation, by default, IWSVA acts as a private Certificate Authority (CA) and dynamically generates digital cer...

6.5

CVE-2017-6338

Exploit
  • EPSS 1.01%
  • Veröffentlicht 05.04.2017 16:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or 'Auditor' to change FTP Access Control Settings, create o...

5.4

CVE-2016-9316

  • EPSS 0.56%
  • Veröffentlicht 21.02.2017 07:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Multiple stored Cross-Site-Scripting (XSS) vulnerabilities in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allow authenticated, rem...

8.8

CVE-2016-9315

  • EPSS 5.86%
  • Veröffentlicht 21.02.2017 07:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Privilege Escalation Vulnerability in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least pr...

7.8

CVE-2016-9314

  • EPSS 1.48%
  • Veröffentlicht 21.02.2017 07:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Sensitive Information Disclosure in com.trend.iwss.gui.servlet.ConfigBackup in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to backu...

9.9

CVE-2016-9269

  • EPSS 6.85%
  • Veröffentlicht 21.02.2017 07:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to run arbitrar...

4

CVE-2014-8510

  • EPSS 0.24%
  • Veröffentlicht 07.11.2014 19:55:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The AdminUI in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) before 6.0 HF build 1244 allows remote authenticated users to read arbitrary files via vectors related to configuration input when saving filters.

4.3

CVE-2009-0612

  • EPSS 0.68%
  • Veröffentlicht 17.02.2009 17:30:06
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 3.x and InterScan Web Security Suite (IWSS) 3.x, when basic authorization is enabled on the standalone proxy, forwards the Proxy-Authorization header from Windows Media Player, which allows...