Filtered by vendor Trendmicro Subscriptions
Filtered by product Interscan Web Security Virtual Appliance Subscriptions
Total 29 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-36359 1 Trendmicro 1 Interscan Web Security Virtual Appliance 2024-11-21 5.4 Medium
A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2021-31521 1 Trendmicro 1 Interscan Web Security Virtual Appliance 2024-11-21 5.4 Medium
Trend Micro InterScan Web Security Virtual Appliance version 6.5 was found to have a reflected cross-site scripting (XSS) vulnerability in the product's Captive Portal.
CVE-2021-25252 7 Apple, Emc, Linux and 4 more 25 Macos, Celerra Network Attached Storage, Linux Kernel and 22 more 2024-11-21 5.5 Medium
Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file.
CVE-2020-8606 1 Trendmicro 1 Interscan Web Security Virtual Appliance 2024-11-21 9.8 Critical
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to bypass authentication on affected installations of Trend Micro InterScan Web Security Virtual Appliance.
CVE-2020-8605 1 Trendmicro 1 Interscan Web Security Virtual Appliance 2024-11-21 8.8 High
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to execute arbitrary code on affected installations. Authentication is required to exploit this vulnerability.
CVE-2020-8604 1 Trendmicro 1 Interscan Web Security Virtual Appliance 2024-11-21 7.5 High
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to disclose sensitive informatoin on affected installations.
CVE-2020-8603 1 Trendmicro 1 Interscan Web Security Virtual Appliance 2024-11-21 6.1 Medium
A cross-site scripting vulnerability (XSS) in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow a remote attacker to tamper with the web interface of affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
CVE-2020-8466 1 Trendmicro 1 Interscan Web Security Virtual Appliance 2024-11-21 9.8 Critical
A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to execute certain commands by providing a manipulated password.
CVE-2020-8465 1 Trendmicro 1 Interscan Web Security Virtual Appliance 2024-11-21 9.8 Critical
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updates using a combination of CSRF bypass (CVE-2020-8461) and authentication bypass (CVE-2020-8464) to execute code as user root.
CVE-2020-8464 1 Trendmicro 1 Interscan Web Security Virtual Appliance 2024-11-21 7.5 High
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product's admin interface to users who would not normally have access.
CVE-2020-8463 1 Trendmicro 1 Interscan Web Security Virtual Appliance 2024-11-21 7.5 High
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to bypass a global authorization check for anonymous users by manipulating request paths.
CVE-2020-8462 1 Trendmicro 1 Interscan Web Security Virtual Appliance 2024-11-21 4.8 Medium
A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product.
CVE-2020-8461 1 Trendmicro 1 Interscan Web Security Virtual Appliance 2024-11-21 8.8 High
A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to get a victim's browser to send a specifically encoded request without requiring a valid CSRF token.
CVE-2020-28581 1 Trendmicro 1 Interscan Web Security Virtual Appliance 2024-11-21 7.2 High
A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges.
CVE-2020-28580 1 Trendmicro 1 Interscan Web Security Virtual Appliance 2024-11-21 7.2 High
A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges.
CVE-2020-28579 1 Trendmicro 1 Interscan Web Security Virtual Appliance 2024-11-21 8.8 High
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges.
CVE-2020-28578 1 Trendmicro 1 Interscan Web Security Virtual Appliance 2024-11-21 9.8 Critical
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges.
CVE-2020-27010 1 Trendmicro 1 Interscan Web Security Virtual Appliance 2024-11-21 4.8 Medium
A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product in a manner separate from the similar CVE-2020-8462.
CVE-2019-9490 1 Trendmicro 1 Interscan Web Security Virtual Appliance 2024-11-21 N/A
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance version 6.5 SP2 could allow an non-authorized user to disclose administrative credentials. An attacker must be an authenticated user in order to exploit the vulnerability.
CVE-2017-6340 1 Trendmicro 1 Interscan Web Security Virtual Appliance 2024-11-21 N/A
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 does not sanitize a rest/commonlog/report/template name field, which allows a 'Reports Only' user to inject malicious JavaScript while creating a new report. Additionally, IWSVA implements incorrect access control that allows any authenticated, remote user (even with low privileges like 'Auditor') to create or modify reports, and consequently take advantage of this XSS vulnerability. The JavaScript is executed when victims visit reports or auditlog pages.