
CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 2

17 Dec 2020 — A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product's admin interface to users who would not normally have access. • https://packetstorm.news/files/id/160602 • CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 2

17 Dec 2020 — A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updates using a combination of CSRF bypass (CVE-2020-8461) and authentication bypass (CVE-2020-8464) to execute code as user root. • https://packetstorm.news/files/id/160602 • CWE-287: Improper Authentication • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 9.8 • EPSS: 27% • CPEs: 1 • EXPL: 2

17 Dec 2020 — A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to execute certain commands by providing a manipulated password. • https://packetstorm.news/files/id/160602 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 9.0 • EPSS: 73% • CPEs: 1 • EXPL: 1

18 Nov 2020 — A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges. • https://success.trendmicro.com/solution/000281954 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 8.8 • EPSS: 39% • CPEs: 1 • EXPL: 1

18 Nov 2020 — A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges. • https://success.trendmicro.com/solution/000281954 • CWE-787: Out-of-bounds Write

CVSS: 9.0 • EPSS: 73% • CPEs: 1 • EXPL: 1

18 Nov 2020 — A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges. • https://success.trendmicro.com/solution/000281954 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 7.5 • EPSS: 4% • CPEs: 1 • EXPL: 1

18 Nov 2020 — An unauthenticated path traversal arbitrary remote file deletion vulnerability in Trend Micro Worry-Free Business Security 10 SP1 could allow an unauthenticated attacker to exploit the vulnerability and modify or delete arbitrary files on the product's management console. • https://success.trendmicro.com/solution/000281948 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 9.8 • EPSS: 58% • CPEs: 1 • EXPL: 1

18 Nov 2020 — A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges. • https://success.trendmicro.com/solution/000281954 • CWE-787: Out-of-bounds Write

CVSS: 7.8 • EPSS: 0% • CPEs: 5 • EXPL: 0

18 Nov 2020 — Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a non-protected location with high privileges (symlink attack) which can lead to obtaining administrative privileges during the installation of the product. • https://helpcenter.trendmicro.com/en-us/article/TMKA-10036 • CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVSS: 7.8 • EPSS: 0% • CPEs: 5 • EXPL: 0

18 Nov 2020 — Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a local directory which can lead to obtaining administrative privileges during the installation of the product. • https://helpcenter.trendmicro.com/en-us/article/TMKA-10036 • CWE-426: Untrusted Search Path