Search criteria
58 vulnerabilities found for interscan_web_security_virtual_appliance by trendmicro
CVE-2024-36359 (GCVE-0-2024-36359)
Vulnerability from cvelistv5 – Published: 2024-06-10 21:21 – Updated: 2025-03-18 15:18
VLAI
Summary
A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 could allow an attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro, Inc. | Trend Micro InterScan Web Security Virtual Appliance |
Affected:
6.5 , < 6.5 Build 3334
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36359",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T14:45:28.175173Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T15:18:37.149Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:37:04.786Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://success.trendmicro.com/dcx/s/solution/000298065"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-574/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro InterScan Web Security Virtual Appliance",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "6.5 Build 3334",
"status": "affected",
"version": "6.5",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 could allow an attacker to escalate privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T21:21:59.692Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000298065"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-574/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2024-36359",
"datePublished": "2024-06-10T21:21:59.692Z",
"dateReserved": "2024-05-23T20:03:45.564Z",
"dateUpdated": "2025-03-18T15:18:37.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-31521 (GCVE-0-2021-31521)
Vulnerability from cvelistv5 – Published: 2021-06-17 11:42 – Updated: 2024-08-03 23:03
VLAI
Summary
Trend Micro InterScan Web Security Virtual Appliance version 6.5 was found to have a reflected cross-site scripting (XSS) vulnerability in the product's Captive Portal.
Severity
No CVSS data available.
CWE
- Reflected XSS
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000286452 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro InterScan Web Security Virtual Appliance |
Affected:
6.5 SP2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:03:33.221Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000286452"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro InterScan Web Security Virtual Appliance",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "6.5 SP2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Trend Micro InterScan Web Security Virtual Appliance version 6.5 was found to have a reflected cross-site scripting (XSS) vulnerability in the product\u0027s Captive Portal."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Reflected XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-17T11:42:50.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000286452"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-31521",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro InterScan Web Security Virtual Appliance",
"version": {
"version_data": [
{
"version_value": "6.5 SP2"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Trend Micro InterScan Web Security Virtual Appliance version 6.5 was found to have a reflected cross-site scripting (XSS) vulnerability in the product\u0027s Captive Portal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reflected XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000286452",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000286452"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-31521",
"datePublished": "2021-06-17T11:42:50.000Z",
"dateReserved": "2021-04-20T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:03:33.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25252 (GCVE-0-2021-25252)
Vulnerability from cvelistv5 – Published: 2021-03-03 15:43 – Updated: 2024-08-03 19:56
VLAI
Summary
Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file.
Severity
No CVSS data available.
CWE
- Memory Exhaustion
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000285675 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro Virus Scan API (VSAPI) Engine |
Affected:
12.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.072Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000285675"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Virus Scan API (VSAPI) Engine",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "12.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Trend Micro\u0027s Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Memory Exhaustion",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-03T15:43:40.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000285675"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-25252",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Virus Scan API (VSAPI) Engine",
"version": {
"version_data": [
{
"version_value": "12.0"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Trend Micro\u0027s Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory Exhaustion"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000285675",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000285675"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-25252",
"datePublished": "2021-03-03T15:43:40.000Z",
"dateReserved": "2021-01-15T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:56:11.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8466 (GCVE-0-2020-8466)
Vulnerability from cvelistv5 – Published: 2020-12-17 21:05 – Updated: 2024-08-04 10:03
VLAI
Summary
A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to execute certain commands by providing a manipulated password.
Severity
No CVSS data available.
CWE
- Unauthenticated Command Injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000283077 | x_refsource_MISC |
| https://sec-consult.com/vulnerability-lab/advisor… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro InterScan Web Security Virtual Appliance |
Affected:
6.5 SP2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:44.800Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000283077"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro InterScan Web Security Virtual Appliance",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "6.5 SP2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to execute certain commands by providing a manipulated password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unauthenticated Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-17T21:05:48.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000283077"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2020-8466",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro InterScan Web Security Virtual Appliance",
"version": {
"version_data": [
{
"version_value": "6.5 SP2"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to execute certain commands by providing a manipulated password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unauthenticated Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000283077",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000283077"
},
{
"name": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/",
"refsource": "MISC",
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2020-8466",
"datePublished": "2020-12-17T21:05:48.000Z",
"dateReserved": "2020-01-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:03:44.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8465 (GCVE-0-2020-8465)
Vulnerability from cvelistv5 – Published: 2020-12-17 21:05 – Updated: 2024-08-04 10:03
VLAI
Summary
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updates using a combination of CSRF bypass (CVE-2020-8461) and authentication bypass (CVE-2020-8464) to execute code as user root.
Severity
No CVSS data available.
CWE
- Command Execution
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000283077 | x_refsource_MISC |
| https://sec-consult.com/vulnerability-lab/advisor… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro InterScan Web Security Virtual Appliance |
Affected:
6.5 SP2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:44.874Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000283077"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro InterScan Web Security Virtual Appliance",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "6.5 SP2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updates using a combination of CSRF bypass (CVE-2020-8461) and authentication bypass (CVE-2020-8464) to execute code as user root."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Command Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-17T21:05:47.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000283077"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2020-8465",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro InterScan Web Security Virtual Appliance",
"version": {
"version_data": [
{
"version_value": "6.5 SP2"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updates using a combination of CSRF bypass (CVE-2020-8461) and authentication bypass (CVE-2020-8464) to execute code as user root."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000283077",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000283077"
},
{
"name": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/",
"refsource": "MISC",
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2020-8465",
"datePublished": "2020-12-17T21:05:47.000Z",
"dateReserved": "2020-01-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:03:44.874Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8463 (GCVE-0-2020-8463)
Vulnerability from cvelistv5 – Published: 2020-12-17 21:05 – Updated: 2024-08-04 10:03
VLAI
Summary
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to bypass a global authorization check for anonymous users by manipulating request paths.
Severity
No CVSS data available.
CWE
- Authorization Bypass
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000283077 | x_refsource_MISC |
| https://sec-consult.com/vulnerability-lab/advisor… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro InterScan Web Security Virtual Appliance |
Affected:
6.5 SP2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:44.801Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000283077"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro InterScan Web Security Virtual Appliance",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "6.5 SP2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to bypass a global authorization check for anonymous users by manipulating request paths."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authorization Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-17T21:05:46.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000283077"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2020-8463",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro InterScan Web Security Virtual Appliance",
"version": {
"version_data": [
{
"version_value": "6.5 SP2"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to bypass a global authorization check for anonymous users by manipulating request paths."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authorization Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000283077",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000283077"
},
{
"name": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/",
"refsource": "MISC",
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2020-8463",
"datePublished": "2020-12-17T21:05:46.000Z",
"dateReserved": "2020-01-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:03:44.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8464 (GCVE-0-2020-8464)
Vulnerability from cvelistv5 – Published: 2020-12-17 21:05 – Updated: 2024-08-04 10:03
VLAI
Summary
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product's admin interface to users who would not normally have access.
Severity
No CVSS data available.
CWE
- Authentication Bypass
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000283077 | x_refsource_MISC |
| https://sec-consult.com/vulnerability-lab/advisor… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro InterScan Web Security Virtual Appliance |
Affected:
6.5 SP2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:44.846Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000283077"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro InterScan Web Security Virtual Appliance",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "6.5 SP2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product\u0027s admin interface to users who would not normally have access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-17T21:05:46.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000283077"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2020-8464",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro InterScan Web Security Virtual Appliance",
"version": {
"version_data": [
{
"version_value": "6.5 SP2"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product\u0027s admin interface to users who would not normally have access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000283077",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000283077"
},
{
"name": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/",
"refsource": "MISC",
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2020-8464",
"datePublished": "2020-12-17T21:05:46.000Z",
"dateReserved": "2020-01-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:03:44.846Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8462 (GCVE-0-2020-8462)
Vulnerability from cvelistv5 – Published: 2020-12-17 21:05 – Updated: 2024-08-04 10:03
VLAI
Summary
A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product.
Severity
No CVSS data available.
CWE
- XSS
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000283077 | x_refsource_MISC |
| https://sec-consult.com/vulnerability-lab/advisor… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro InterScan Web Security Virtual Appliance |
Affected:
6.5 SP2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:44.665Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000283077"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro InterScan Web Security Virtual Appliance",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "6.5 SP2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-17T21:05:45.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000283077"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2020-8462",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro InterScan Web Security Virtual Appliance",
"version": {
"version_data": [
{
"version_value": "6.5 SP2"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000283077",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000283077"
},
{
"name": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/",
"refsource": "MISC",
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2020-8462",
"datePublished": "2020-12-17T21:05:45.000Z",
"dateReserved": "2020-01-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:03:44.665Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8461 (GCVE-0-2020-8461)
Vulnerability from cvelistv5 – Published: 2020-12-17 21:05 – Updated: 2024-08-04 10:03
VLAI
Summary
A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to get a victim's browser to send a specifically encoded request without requiring a valid CSRF token.
Severity
No CVSS data available.
CWE
- CSRF Protection Bypass
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000283077 | x_refsource_MISC |
| https://sec-consult.com/vulnerability-lab/advisor… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro InterScan Web Security Virtual Appliance |
Affected:
6.5 SP2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:44.691Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000283077"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro InterScan Web Security Virtual Appliance",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "6.5 SP2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to get a victim\u0027s browser to send a specifically encoded request without requiring a valid CSRF token."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CSRF Protection Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-17T21:05:44.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000283077"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2020-8461",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro InterScan Web Security Virtual Appliance",
"version": {
"version_data": [
{
"version_value": "6.5 SP2"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to get a victim\u0027s browser to send a specifically encoded request without requiring a valid CSRF token."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CSRF Protection Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000283077",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000283077"
},
{
"name": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/",
"refsource": "MISC",
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2020-8461",
"datePublished": "2020-12-17T21:05:45.000Z",
"dateReserved": "2020-01-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:03:44.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27010 (GCVE-0-2020-27010)
Vulnerability from cvelistv5 – Published: 2020-12-17 21:05 – Updated: 2024-08-04 16:03
VLAI
Summary
A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product in a manner separate from the similar CVE-2020-8462.
Severity
No CVSS data available.
CWE
- XSS
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000283077 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro InterScan Web Security Virtual Appliance |
Affected:
6.5 SP2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:03:23.183Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000283077"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro InterScan Web Security Virtual Appliance",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "6.5 SP2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product in a manner separate from the similar CVE-2020-8462."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-17T21:05:44.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000283077"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2020-27010",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro InterScan Web Security Virtual Appliance",
"version": {
"version_data": [
{
"version_value": "6.5 SP2"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product in a manner separate from the similar CVE-2020-8462."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000283077",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000283077"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2020-27010",
"datePublished": "2020-12-17T21:05:44.000Z",
"dateReserved": "2020-10-12T00:00:00.000Z",
"dateUpdated": "2024-08-04T16:03:23.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-28581 (GCVE-0-2020-28581)
Vulnerability from cvelistv5 – Published: 2020-11-18 18:45 – Updated: 2024-08-04 16:40
VLAI
Summary
A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges.
Severity
No CVSS data available.
CWE
- Authenticated Command Injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000281954 | x_refsource_MISC |
| https://www.tenable.com/security/research/tra-2020-63 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro InterScan Web Security Virtual Appliance |
Affected:
6.5 SP2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:40:59.456Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000281954"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2020-63"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro InterScan Web Security Virtual Appliance",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "6.5 SP2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authenticated Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-18T18:45:40.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000281954"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2020-63"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2020-28581",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro InterScan Web Security Virtual Appliance",
"version": {
"version_data": [
{
"version_value": "6.5 SP2"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authenticated Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000281954",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000281954"
},
{
"name": "https://www.tenable.com/security/research/tra-2020-63",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2020-63"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2020-28581",
"datePublished": "2020-11-18T18:45:41.000Z",
"dateReserved": "2020-11-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T16:40:59.456Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-28580 (GCVE-0-2020-28580)
Vulnerability from cvelistv5 – Published: 2020-11-18 18:45 – Updated: 2024-08-04 16:40
VLAI
Summary
A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges.
Severity
No CVSS data available.
CWE
- Authenticated Command Injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000281954 | x_refsource_MISC |
| https://www.tenable.com/security/research/tra-2020-63 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro InterScan Web Security Virtual Appliance |
Affected:
6.5 SP2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:40:59.935Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000281954"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2020-63"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro InterScan Web Security Virtual Appliance",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "6.5 SP2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authenticated Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-18T18:45:40.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000281954"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2020-63"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2020-28580",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro InterScan Web Security Virtual Appliance",
"version": {
"version_data": [
{
"version_value": "6.5 SP2"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authenticated Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000281954",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000281954"
},
{
"name": "https://www.tenable.com/security/research/tra-2020-63",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2020-63"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2020-28580",
"datePublished": "2020-11-18T18:45:40.000Z",
"dateReserved": "2020-11-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T16:40:59.935Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-28579 (GCVE-0-2020-28579)
Vulnerability from cvelistv5 – Published: 2020-11-18 18:45 – Updated: 2024-08-04 16:40
VLAI
Summary
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges.
Severity
No CVSS data available.
CWE
- Authenticated Remote Stack Buffer Overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000281954 | x_refsource_MISC |
| https://www.tenable.com/security/research/tra-2020-63 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro InterScan Web Security Virtual Appliance |
Affected:
6.5 SP2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:40:59.158Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000281954"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2020-63"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro InterScan Web Security Virtual Appliance",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "6.5 SP2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authenticated Remote Stack Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-18T18:45:40.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000281954"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2020-63"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2020-28579",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro InterScan Web Security Virtual Appliance",
"version": {
"version_data": [
{
"version_value": "6.5 SP2"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authenticated Remote Stack Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000281954",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000281954"
},
{
"name": "https://www.tenable.com/security/research/tra-2020-63",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2020-63"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2020-28579",
"datePublished": "2020-11-18T18:45:40.000Z",
"dateReserved": "2020-11-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T16:40:59.158Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-28578 (GCVE-0-2020-28578)
Vulnerability from cvelistv5 – Published: 2020-11-18 18:45 – Updated: 2024-08-04 16:40
VLAI
Summary
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges.
Severity
No CVSS data available.
CWE
- Unauthenticated Remote Stack Buffer Overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000281954 | x_refsource_MISC |
| https://www.tenable.com/security/research/tra-2020-63 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro InterScan Web Security Virtual Appliance |
Affected:
6.5 SP2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:40:59.453Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000281954"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2020-63"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro InterScan Web Security Virtual Appliance",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "6.5 SP2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unauthenticated Remote Stack Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-18T18:45:39.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000281954"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2020-63"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2020-28578",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro InterScan Web Security Virtual Appliance",
"version": {
"version_data": [
{
"version_value": "6.5 SP2"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unauthenticated Remote Stack Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000281954",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000281954"
},
{
"name": "https://www.tenable.com/security/research/tra-2020-63",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2020-63"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2020-28578",
"datePublished": "2020-11-18T18:45:39.000Z",
"dateReserved": "2020-11-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T16:40:59.453Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8606 (GCVE-0-2020-8606)
Vulnerability from cvelistv5 – Published: 2020-05-27 22:45 – Updated: 2024-08-04 10:03
VLAI
Summary
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to bypass authentication on affected installations of Trend Micro InterScan Web Security Virtual Appliance.
Severity
No CVSS data available.
CWE
- Authentication Bypass
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
| https://success.trendmicro.com/solution/000253095 | x_refsource_MISC |
| http://packetstormsecurity.com/files/158171/Trend… | x_refsource_MISC |
| http://packetstormsecurity.com/files/158423/Trend… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro InterScan Web Security Virtual Appliance |
Affected:
6.5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:46.240Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-677/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000253095"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/158171/Trend-Micro-Web-Security-Virtual-Appliance-Remote-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/158423/Trend-Micro-Web-Security-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro InterScan Web Security Virtual Appliance",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "6.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to bypass authentication on affected installations of Trend Micro InterScan Web Security Virtual Appliance."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-14T21:06:14.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-677/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000253095"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/158171/Trend-Micro-Web-Security-Virtual-Appliance-Remote-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/158423/Trend-Micro-Web-Security-Remote-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2020-8606",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro InterScan Web Security Virtual Appliance",
"version": {
"version_data": [
{
"version_value": "6.5"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to bypass authentication on affected installations of Trend Micro InterScan Web Security Virtual Appliance."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-677/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-677/"
},
{
"name": "https://success.trendmicro.com/solution/000253095",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000253095"
},
{
"name": "http://packetstormsecurity.com/files/158171/Trend-Micro-Web-Security-Virtual-Appliance-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/158171/Trend-Micro-Web-Security-Virtual-Appliance-Remote-Code-Execution.html"
},
{
"name": "http://packetstormsecurity.com/files/158423/Trend-Micro-Web-Security-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/158423/Trend-Micro-Web-Security-Remote-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2020-8606",
"datePublished": "2020-05-27T22:45:23.000Z",
"dateReserved": "2020-02-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:03:46.240Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36359 (GCVE-0-2024-36359)
Vulnerability from nvd – Published: 2024-06-10 21:21 – Updated: 2025-03-18 15:18
VLAI
Summary
A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 could allow an attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro, Inc. | Trend Micro InterScan Web Security Virtual Appliance |
Affected:
6.5 , < 6.5 Build 3334
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36359",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T14:45:28.175173Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T15:18:37.149Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:37:04.786Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://success.trendmicro.com/dcx/s/solution/000298065"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-574/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro InterScan Web Security Virtual Appliance",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "6.5 Build 3334",
"status": "affected",
"version": "6.5",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 could allow an attacker to escalate privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T21:21:59.692Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000298065"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-574/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2024-36359",
"datePublished": "2024-06-10T21:21:59.692Z",
"dateReserved": "2024-05-23T20:03:45.564Z",
"dateUpdated": "2025-03-18T15:18:37.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-31521 (GCVE-0-2021-31521)
Vulnerability from nvd – Published: 2021-06-17 11:42 – Updated: 2024-08-03 23:03
VLAI
Summary
Trend Micro InterScan Web Security Virtual Appliance version 6.5 was found to have a reflected cross-site scripting (XSS) vulnerability in the product's Captive Portal.
Severity
No CVSS data available.
CWE
- Reflected XSS
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000286452 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro InterScan Web Security Virtual Appliance |
Affected:
6.5 SP2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:03:33.221Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000286452"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro InterScan Web Security Virtual Appliance",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "6.5 SP2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Trend Micro InterScan Web Security Virtual Appliance version 6.5 was found to have a reflected cross-site scripting (XSS) vulnerability in the product\u0027s Captive Portal."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Reflected XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-17T11:42:50.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000286452"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-31521",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro InterScan Web Security Virtual Appliance",
"version": {
"version_data": [
{
"version_value": "6.5 SP2"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Trend Micro InterScan Web Security Virtual Appliance version 6.5 was found to have a reflected cross-site scripting (XSS) vulnerability in the product\u0027s Captive Portal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reflected XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000286452",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000286452"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-31521",
"datePublished": "2021-06-17T11:42:50.000Z",
"dateReserved": "2021-04-20T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:03:33.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25252 (GCVE-0-2021-25252)
Vulnerability from nvd – Published: 2021-03-03 15:43 – Updated: 2024-08-03 19:56
VLAI
Summary
Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file.
Severity
No CVSS data available.
CWE
- Memory Exhaustion
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000285675 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro Virus Scan API (VSAPI) Engine |
Affected:
12.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.072Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000285675"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Virus Scan API (VSAPI) Engine",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "12.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Trend Micro\u0027s Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Memory Exhaustion",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-03T15:43:40.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000285675"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-25252",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Virus Scan API (VSAPI) Engine",
"version": {
"version_data": [
{
"version_value": "12.0"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Trend Micro\u0027s Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory Exhaustion"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000285675",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000285675"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-25252",
"datePublished": "2021-03-03T15:43:40.000Z",
"dateReserved": "2021-01-15T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:56:11.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8466 (GCVE-0-2020-8466)
Vulnerability from nvd – Published: 2020-12-17 21:05 – Updated: 2024-08-04 10:03
VLAI
Summary
A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to execute certain commands by providing a manipulated password.
Severity
No CVSS data available.
CWE
- Unauthenticated Command Injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000283077 | x_refsource_MISC |
| https://sec-consult.com/vulnerability-lab/advisor… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro InterScan Web Security Virtual Appliance |
Affected:
6.5 SP2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:44.800Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000283077"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro InterScan Web Security Virtual Appliance",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "6.5 SP2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to execute certain commands by providing a manipulated password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unauthenticated Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-17T21:05:48.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000283077"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2020-8466",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro InterScan Web Security Virtual Appliance",
"version": {
"version_data": [
{
"version_value": "6.5 SP2"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to execute certain commands by providing a manipulated password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unauthenticated Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000283077",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000283077"
},
{
"name": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/",
"refsource": "MISC",
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2020-8466",
"datePublished": "2020-12-17T21:05:48.000Z",
"dateReserved": "2020-01-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:03:44.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8465 (GCVE-0-2020-8465)
Vulnerability from nvd – Published: 2020-12-17 21:05 – Updated: 2024-08-04 10:03
VLAI
Summary
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updates using a combination of CSRF bypass (CVE-2020-8461) and authentication bypass (CVE-2020-8464) to execute code as user root.
Severity
No CVSS data available.
CWE
- Command Execution
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000283077 | x_refsource_MISC |
| https://sec-consult.com/vulnerability-lab/advisor… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro InterScan Web Security Virtual Appliance |
Affected:
6.5 SP2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:44.874Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000283077"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro InterScan Web Security Virtual Appliance",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "6.5 SP2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updates using a combination of CSRF bypass (CVE-2020-8461) and authentication bypass (CVE-2020-8464) to execute code as user root."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Command Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-17T21:05:47.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000283077"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2020-8465",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro InterScan Web Security Virtual Appliance",
"version": {
"version_data": [
{
"version_value": "6.5 SP2"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updates using a combination of CSRF bypass (CVE-2020-8461) and authentication bypass (CVE-2020-8464) to execute code as user root."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000283077",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000283077"
},
{
"name": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/",
"refsource": "MISC",
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2020-8465",
"datePublished": "2020-12-17T21:05:47.000Z",
"dateReserved": "2020-01-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:03:44.874Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8463 (GCVE-0-2020-8463)
Vulnerability from nvd – Published: 2020-12-17 21:05 – Updated: 2024-08-04 10:03
VLAI
Summary
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to bypass a global authorization check for anonymous users by manipulating request paths.
Severity
No CVSS data available.
CWE
- Authorization Bypass
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000283077 | x_refsource_MISC |
| https://sec-consult.com/vulnerability-lab/advisor… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro InterScan Web Security Virtual Appliance |
Affected:
6.5 SP2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:44.801Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000283077"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro InterScan Web Security Virtual Appliance",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "6.5 SP2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to bypass a global authorization check for anonymous users by manipulating request paths."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authorization Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-17T21:05:46.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000283077"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2020-8463",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro InterScan Web Security Virtual Appliance",
"version": {
"version_data": [
{
"version_value": "6.5 SP2"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to bypass a global authorization check for anonymous users by manipulating request paths."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authorization Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000283077",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000283077"
},
{
"name": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/",
"refsource": "MISC",
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2020-8463",
"datePublished": "2020-12-17T21:05:46.000Z",
"dateReserved": "2020-01-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:03:44.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8464 (GCVE-0-2020-8464)
Vulnerability from nvd – Published: 2020-12-17 21:05 – Updated: 2024-08-04 10:03
VLAI
Summary
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product's admin interface to users who would not normally have access.
Severity
No CVSS data available.
CWE
- Authentication Bypass
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000283077 | x_refsource_MISC |
| https://sec-consult.com/vulnerability-lab/advisor… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro InterScan Web Security Virtual Appliance |
Affected:
6.5 SP2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:44.846Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000283077"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro InterScan Web Security Virtual Appliance",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "6.5 SP2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product\u0027s admin interface to users who would not normally have access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-17T21:05:46.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000283077"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2020-8464",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro InterScan Web Security Virtual Appliance",
"version": {
"version_data": [
{
"version_value": "6.5 SP2"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product\u0027s admin interface to users who would not normally have access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000283077",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000283077"
},
{
"name": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/",
"refsource": "MISC",
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2020-8464",
"datePublished": "2020-12-17T21:05:46.000Z",
"dateReserved": "2020-01-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:03:44.846Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8462 (GCVE-0-2020-8462)
Vulnerability from nvd – Published: 2020-12-17 21:05 – Updated: 2024-08-04 10:03
VLAI
Summary
A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product.
Severity
No CVSS data available.
CWE
- XSS
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000283077 | x_refsource_MISC |
| https://sec-consult.com/vulnerability-lab/advisor… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro InterScan Web Security Virtual Appliance |
Affected:
6.5 SP2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:44.665Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000283077"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro InterScan Web Security Virtual Appliance",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "6.5 SP2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-17T21:05:45.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000283077"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2020-8462",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro InterScan Web Security Virtual Appliance",
"version": {
"version_data": [
{
"version_value": "6.5 SP2"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000283077",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000283077"
},
{
"name": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/",
"refsource": "MISC",
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2020-8462",
"datePublished": "2020-12-17T21:05:45.000Z",
"dateReserved": "2020-01-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:03:44.665Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8461 (GCVE-0-2020-8461)
Vulnerability from nvd – Published: 2020-12-17 21:05 – Updated: 2024-08-04 10:03
VLAI
Summary
A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to get a victim's browser to send a specifically encoded request without requiring a valid CSRF token.
Severity
No CVSS data available.
CWE
- CSRF Protection Bypass
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000283077 | x_refsource_MISC |
| https://sec-consult.com/vulnerability-lab/advisor… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro InterScan Web Security Virtual Appliance |
Affected:
6.5 SP2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:44.691Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000283077"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro InterScan Web Security Virtual Appliance",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "6.5 SP2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to get a victim\u0027s browser to send a specifically encoded request without requiring a valid CSRF token."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CSRF Protection Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-17T21:05:44.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000283077"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2020-8461",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro InterScan Web Security Virtual Appliance",
"version": {
"version_data": [
{
"version_value": "6.5 SP2"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to get a victim\u0027s browser to send a specifically encoded request without requiring a valid CSRF token."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CSRF Protection Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000283077",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000283077"
},
{
"name": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/",
"refsource": "MISC",
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2020-8461",
"datePublished": "2020-12-17T21:05:45.000Z",
"dateReserved": "2020-01-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:03:44.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27010 (GCVE-0-2020-27010)
Vulnerability from nvd – Published: 2020-12-17 21:05 – Updated: 2024-08-04 16:03
VLAI
Summary
A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product in a manner separate from the similar CVE-2020-8462.
Severity
No CVSS data available.
CWE
- XSS
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000283077 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro InterScan Web Security Virtual Appliance |
Affected:
6.5 SP2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:03:23.183Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000283077"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro InterScan Web Security Virtual Appliance",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "6.5 SP2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product in a manner separate from the similar CVE-2020-8462."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-17T21:05:44.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000283077"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2020-27010",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro InterScan Web Security Virtual Appliance",
"version": {
"version_data": [
{
"version_value": "6.5 SP2"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product in a manner separate from the similar CVE-2020-8462."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000283077",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000283077"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2020-27010",
"datePublished": "2020-12-17T21:05:44.000Z",
"dateReserved": "2020-10-12T00:00:00.000Z",
"dateUpdated": "2024-08-04T16:03:23.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-28581 (GCVE-0-2020-28581)
Vulnerability from nvd – Published: 2020-11-18 18:45 – Updated: 2024-08-04 16:40
VLAI
Summary
A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges.
Severity
No CVSS data available.
CWE
- Authenticated Command Injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000281954 | x_refsource_MISC |
| https://www.tenable.com/security/research/tra-2020-63 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro InterScan Web Security Virtual Appliance |
Affected:
6.5 SP2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:40:59.456Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000281954"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2020-63"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro InterScan Web Security Virtual Appliance",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "6.5 SP2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authenticated Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-18T18:45:40.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000281954"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2020-63"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2020-28581",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro InterScan Web Security Virtual Appliance",
"version": {
"version_data": [
{
"version_value": "6.5 SP2"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authenticated Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000281954",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000281954"
},
{
"name": "https://www.tenable.com/security/research/tra-2020-63",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2020-63"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2020-28581",
"datePublished": "2020-11-18T18:45:41.000Z",
"dateReserved": "2020-11-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T16:40:59.456Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-28580 (GCVE-0-2020-28580)
Vulnerability from nvd – Published: 2020-11-18 18:45 – Updated: 2024-08-04 16:40
VLAI
Summary
A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges.
Severity
No CVSS data available.
CWE
- Authenticated Command Injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000281954 | x_refsource_MISC |
| https://www.tenable.com/security/research/tra-2020-63 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro InterScan Web Security Virtual Appliance |
Affected:
6.5 SP2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:40:59.935Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000281954"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2020-63"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro InterScan Web Security Virtual Appliance",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "6.5 SP2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authenticated Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-18T18:45:40.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000281954"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2020-63"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2020-28580",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro InterScan Web Security Virtual Appliance",
"version": {
"version_data": [
{
"version_value": "6.5 SP2"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authenticated Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000281954",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000281954"
},
{
"name": "https://www.tenable.com/security/research/tra-2020-63",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2020-63"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2020-28580",
"datePublished": "2020-11-18T18:45:40.000Z",
"dateReserved": "2020-11-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T16:40:59.935Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-28579 (GCVE-0-2020-28579)
Vulnerability from nvd – Published: 2020-11-18 18:45 – Updated: 2024-08-04 16:40
VLAI
Summary
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges.
Severity
No CVSS data available.
CWE
- Authenticated Remote Stack Buffer Overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000281954 | x_refsource_MISC |
| https://www.tenable.com/security/research/tra-2020-63 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro InterScan Web Security Virtual Appliance |
Affected:
6.5 SP2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:40:59.158Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000281954"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2020-63"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro InterScan Web Security Virtual Appliance",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "6.5 SP2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authenticated Remote Stack Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-18T18:45:40.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000281954"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2020-63"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2020-28579",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro InterScan Web Security Virtual Appliance",
"version": {
"version_data": [
{
"version_value": "6.5 SP2"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authenticated Remote Stack Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000281954",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000281954"
},
{
"name": "https://www.tenable.com/security/research/tra-2020-63",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2020-63"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2020-28579",
"datePublished": "2020-11-18T18:45:40.000Z",
"dateReserved": "2020-11-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T16:40:59.158Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-28578 (GCVE-0-2020-28578)
Vulnerability from nvd – Published: 2020-11-18 18:45 – Updated: 2024-08-04 16:40
VLAI
Summary
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges.
Severity
No CVSS data available.
CWE
- Unauthenticated Remote Stack Buffer Overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000281954 | x_refsource_MISC |
| https://www.tenable.com/security/research/tra-2020-63 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro InterScan Web Security Virtual Appliance |
Affected:
6.5 SP2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:40:59.453Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000281954"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2020-63"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro InterScan Web Security Virtual Appliance",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "6.5 SP2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unauthenticated Remote Stack Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-18T18:45:39.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000281954"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2020-63"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2020-28578",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro InterScan Web Security Virtual Appliance",
"version": {
"version_data": [
{
"version_value": "6.5 SP2"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unauthenticated Remote Stack Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000281954",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000281954"
},
{
"name": "https://www.tenable.com/security/research/tra-2020-63",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2020-63"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2020-28578",
"datePublished": "2020-11-18T18:45:39.000Z",
"dateReserved": "2020-11-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T16:40:59.453Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8606 (GCVE-0-2020-8606)
Vulnerability from nvd – Published: 2020-05-27 22:45 – Updated: 2024-08-04 10:03
VLAI
Summary
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to bypass authentication on affected installations of Trend Micro InterScan Web Security Virtual Appliance.
Severity
No CVSS data available.
CWE
- Authentication Bypass
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
| https://success.trendmicro.com/solution/000253095 | x_refsource_MISC |
| http://packetstormsecurity.com/files/158171/Trend… | x_refsource_MISC |
| http://packetstormsecurity.com/files/158423/Trend… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro InterScan Web Security Virtual Appliance |
Affected:
6.5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:46.240Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-677/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000253095"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/158171/Trend-Micro-Web-Security-Virtual-Appliance-Remote-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/158423/Trend-Micro-Web-Security-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro InterScan Web Security Virtual Appliance",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "6.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to bypass authentication on affected installations of Trend Micro InterScan Web Security Virtual Appliance."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-14T21:06:14.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-677/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000253095"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/158171/Trend-Micro-Web-Security-Virtual-Appliance-Remote-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/158423/Trend-Micro-Web-Security-Remote-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2020-8606",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro InterScan Web Security Virtual Appliance",
"version": {
"version_data": [
{
"version_value": "6.5"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to bypass authentication on affected installations of Trend Micro InterScan Web Security Virtual Appliance."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-677/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-677/"
},
{
"name": "https://success.trendmicro.com/solution/000253095",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000253095"
},
{
"name": "http://packetstormsecurity.com/files/158171/Trend-Micro-Web-Security-Virtual-Appliance-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/158171/Trend-Micro-Web-Security-Virtual-Appliance-Remote-Code-Execution.html"
},
{
"name": "http://packetstormsecurity.com/files/158423/Trend-Micro-Web-Security-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/158423/Trend-Micro-Web-Security-Remote-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2020-8606",
"datePublished": "2020-05-27T22:45:23.000Z",
"dateReserved": "2020-02-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:03:46.240Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}