Interscan_web_security_virtual_appliance - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Interscan_web_security_virtual_appliance
(Trendmicro)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	29

Date	Id	Summary	Products	Score	Patch	Annotated
2020-12-17	CVE-2020-8462	A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product.	Interscan_web_security_virtual_appliance	4.8
2020-12-17	CVE-2020-8461	A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to get a victim's browser to send a specifically encoded request without requiring a valid CSRF token.	Interscan_web_security_virtual_appliance	8.8
2020-12-17	CVE-2020-27010	A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product in a manner separate from the similar CVE-2020-8462.	Interscan_web_security_virtual_appliance	4.8
2020-11-18	CVE-2020-28579	A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges.	Interscan_web_security_virtual_appliance	8.8
2020-11-18	CVE-2020-28578	A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges.	Interscan_web_security_virtual_appliance	9.8
2020-11-18	CVE-2020-28581	A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges.	Interscan_web_security_virtual_appliance	7.2
2020-11-18	CVE-2020-28580	A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges.	Interscan_web_security_virtual_appliance	7.2
2017-09-22	CVE-2017-11396	Vulnerability issues with the web service inspection of input parameters in Trend Micro Web Security Virtual Appliance 6.5 may allow potential attackers who already have administration rights to the console to implement remote code injections.	Interscan_web_security_virtual_appliance	N/A
2020-05-27	CVE-2020-8603	A cross-site scripting vulnerability (XSS) in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow a remote attacker to tamper with the web interface of affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.	Interscan_web_security_virtual_appliance	N/A
2017-04-05	CVE-2017-6339	Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 mismanages certain key and certificate data. Per IWSVA documentation, by default, IWSVA acts as a private Certificate Authority (CA) and dynamically generates digital certificates that are sent to client browsers to complete a secure passage for HTTPS connections. It also allows administrators to upload their own certificates signed by a root CA. An attacker with low privileges can download the current CA...	Interscan_web_security_virtual_appliance	6.5