Interscan_web_security_virtual_appliance - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Interscan_web_security_virtual_appliance
(Trendmicro)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	29

Date	Id	Summary	Products	Score	Patch	Annotated
2024-06-10	CVE-2024-36359	A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.	Interscan_web_security_virtual_appliance	5.4
2020-05-27	CVE-2020-8605	A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to execute arbitrary code on affected installations. Authentication is required to exploit this vulnerability.	Interscan_web_security_virtual_appliance	8.8
2020-05-27	CVE-2020-8606	A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to bypass authentication on affected installations of Trend Micro InterScan Web Security Virtual Appliance.	Interscan_web_security_virtual_appliance	9.8
2020-05-27	CVE-2020-8604	A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to disclose sensitive informatoin on affected installations.	Interscan_web_security_virtual_appliance	7.5
2021-03-03	CVE-2021-25252	Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file.	Apex_central, Apex_one, Cloud_edge, Control_manager, Deep_discovery_analyzer, Deep_discovery_email_inspector, Deep_discovery_inspector, Deep_security, Interscan_messaging_security_virtual_appliance, Interscan_web_security_virtual_appliance, Officescan, Portal_protect, Safe_lock, Scanmail, Scanmail_for_ibm_domino, Serverprotect, Serverprotect_for_network_appliance_filers, Serverprotect_for_storage, Worry\-Free_business_security	5.5
2020-12-17	CVE-2020-8463	A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to bypass a global authorization check for anonymous users by manipulating request paths.	Interscan_web_security_virtual_appliance	7.5
2020-12-17	CVE-2020-8465	A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updates using a combination of CSRF bypass (CVE-2020-8461) and authentication bypass (CVE-2020-8464) to execute code as user root.	Interscan_web_security_virtual_appliance	9.8
2020-12-17	CVE-2020-8466	A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to execute certain commands by providing a manipulated password.	Interscan_web_security_virtual_appliance	9.8
2021-06-17	CVE-2021-31521	Trend Micro InterScan Web Security Virtual Appliance version 6.5 was found to have a reflected cross-site scripting (XSS) vulnerability in the product's Captive Portal.	Interscan_web_security_virtual_appliance	5.4