Product:

Interscan_messaging_security_virtual_appliance

(Trendmicro)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 13
Date Id Summary Products Score Patch Annotated
2021-03-03 CVE-2021-25252 Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file. Apex_central, Apex_one, Cloud_edge, Control_manager, Deep_discovery_analyzer, Deep_discovery_email_inspector, Deep_discovery_inspector, Deep_security, Interscan_messaging_security_virtual_appliance, Interscan_web_security_virtual_appliance, Officescan, Portal_protect, Safe_lock, Scanmail, Scanmail_for_ibm_domino, Serverprotect, Serverprotect_for_network_appliance_filers, Serverprotect_for_storage, Worry\-Free_business_security 5.5
2020-11-09 CVE-2020-27017 Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an XML External Entity Processing (XXE) vulnerability which could allow an authenticated administrator to read arbitrary local files. An attacker must already have obtained product administrator/root privileges to exploit this vulnerability. Interscan_messaging_security_virtual_appliance 4.9
2020-11-09 CVE-2020-27019 Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an information disclosure vulnerability which could allow an attacker to access a specific database and key. Interscan_messaging_security_virtual_appliance 5.5
2020-11-09 CVE-2020-27694 Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 has updated a specific critical library that may vulnerable to attack. Interscan_messaging_security_virtual_appliance 8.8
2020-11-09 CVE-2020-27693 Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 stores administrative passwords using a hash that is considered outdated. Interscan_messaging_security_virtual_appliance 4.4
2020-11-09 CVE-2020-27018 Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a server side request forgery vulnerability which could allow an authenticated attacker to abuse the product's web server and grant access to web resources or parts of local files. An attacker must already have obtained authenticated privileges on the product to exploit this vulnerability. Interscan_messaging_security_virtual_appliance 5.5
2020-11-09 CVE-2020-27016 Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a cross-site request forgery (CSRF) vulnerability which could allow an attacker to modify policy rules by tricking an authenticated administrator into accessing an attacker-controlled web page. An attacker must already have obtained product administrator/root privileges to exploit this vulnerability. Interscan_messaging_security_virtual_appliance 8.8
2018-02-16 CVE-2018-3609 A vulnerability in the Trend Micro InterScan Messaging Security Virtual Appliance 9.0 and 9.1 management portal could allow an unauthenticated user to access sensitive information in a particular log file that could be used to bypass authentication on vulnerable installations. Interscan_messaging_security_virtual_appliance 8.1
2017-03-14 CVE-2017-6398 An issue was discovered in Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1-1600. An authenticated user can execute a terminal command in the context of the web server user (which is root). Besides, the default installation of IMSVA comes with default administrator credentials. The saveCert.imss endpoint takes several user inputs and performs blacklisting. After that, it uses them as arguments to a predefined operating-system command without proper sanitization. However,... Interscan_messaging_security_virtual_appliance 8.8
2017-04-18 CVE-2017-7896 Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 before CP 1644 has XSS. Interscan_messaging_security_virtual_appliance 6.1