CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-27696
https://notcve.org/view.php?id=CVE-2020-27696
18 Nov 2020 — Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a specific Windows system directory which can lead to obtaining administrative privileges during the installation of the product. Trend Micro Security 2020 (Consumer) contiene una vulnerabilidad en el paquete de instalación que podría ser explotada al colocar un directorio de sistema de Windows específico que puede conllevar a una obtención de privilegios administrativos durante la insta... • https://helpcenter.trendmicro.com/en-us/article/TMKA-10036 •
CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 3CVE-2020-27693 – Trend Micro IMSVA CSRF / XML Injection / SSRF / File Disclosure
https://notcve.org/view.php?id=CVE-2020-27693
05 Nov 2020 — Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 stores administrative passwords using a hash that is considered outdated. Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) versión 9.1, almacena las contraseñas administrativas mediante un hash que es considerado obsoleto Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) versions prior to 9.1.0 Critical Patch Build 2025 suffer from XML injection, over-privileged access, cross site request forgery, file ... • https://packetstorm.news/files/id/159914 • CWE-916: Use of Password Hash With Insufficient Computational Effort •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 3CVE-2020-27694 – Trend Micro IMSVA CSRF / XML Injection / SSRF / File Disclosure
https://notcve.org/view.php?id=CVE-2020-27694
05 Nov 2020 — Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 has updated a specific critical library that may vulnerable to attack. Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) versión 9.1, ha actualizado una biblioteca crítica específica que puede ser vulnerable a ataques Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) versions prior to 9.1.0 Critical Patch Build 2025 suffer from XML injection, over-privileged access, cross site request forgery, file discl... • https://packetstorm.news/files/id/159914 •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 3CVE-2020-27016 – Trend Micro IMSVA CSRF / XML Injection / SSRF / File Disclosure
https://notcve.org/view.php?id=CVE-2020-27016
05 Nov 2020 — Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a cross-site request forgery (CSRF) vulnerability which could allow an attacker to modify policy rules by tricking an authenticated administrator into accessing an attacker-controlled web page. An attacker must already have obtained product administrator/root privileges to exploit this vulnerability. Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) versión 9.1, es susceptible a una vulnerabilidad de tip... • https://packetstorm.news/files/id/159914 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.9EPSS: 1%CPEs: 2EXPL: 3CVE-2020-27017 – Trend Micro IMSVA CSRF / XML Injection / SSRF / File Disclosure
https://notcve.org/view.php?id=CVE-2020-27017
05 Nov 2020 — Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an XML External Entity Processing (XXE) vulnerability which could allow an authenticated administrator to read arbitrary local files. An attacker must already have obtained product administrator/root privileges to exploit this vulnerability. Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) versión 9.1, es susceptible a una vulnerabilidad de tipo XML External Entity Processing (XXE) que podría permitir a... • https://packetstorm.news/files/id/159914 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 3CVE-2020-27018 – Trend Micro IMSVA CSRF / XML Injection / SSRF / File Disclosure
https://notcve.org/view.php?id=CVE-2020-27018
05 Nov 2020 — Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a server side request forgery vulnerability which could allow an authenticated attacker to abuse the product's web server and grant access to web resources or parts of local files. An attacker must already have obtained authenticated privileges on the product to exploit this vulnerability. Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) versión 9.1, es susceptible a una vulnerabilidad de tipo server si... • https://packetstorm.news/files/id/159914 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 3CVE-2020-27019 – Trend Micro IMSVA CSRF / XML Injection / SSRF / File Disclosure
https://notcve.org/view.php?id=CVE-2020-27019
05 Nov 2020 — Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an information disclosure vulnerability which could allow an attacker to access a specific database and key. Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) versión 9.1, es susceptible a una vulnerabilidad de divulgación de información que podría permitir a un atacante acceder a una base de datos y clave específica Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) versions prior to 9.1... • https://packetstorm.news/files/id/159914 • CWE-306: Missing Authentication for Critical Function •
CVSS: 6.3EPSS: 0%CPEs: 5EXPL: 0CVE-2020-25775 – Trend Micro Maximum Security Race Condition Arbitrary File Deletion Vulnerability
https://notcve.org/view.php?id=CVE-2020-25775
28 Sep 2020 — The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the product's secure erase feature to delete files with a higher set of privileges. La familia de productos de consumo Trend Micro Security 2020 (versión v16), es susceptible a una vulnerabilidad de eliminación de archivos arbitraria de una condición de carrera de seguridad que podría permitir a un usuario poco pr... • https://helpcenter.trendmicro.com/en-us/article/TMKA-09909 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-24560
https://notcve.org/view.php?id=CVE-2020-24560
24 Sep 2020 — An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one. CWE-295: Improper server certificate verification in the communication with the update server. Una vulnerabilidad de comprobación de certificación de servidor SSL incompleta en la familia de productos de consumidor... • https://helpcenter.trendmicro.com/en-us/article/TMKA-09890 • CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-15604
https://notcve.org/view.php?id=CVE-2020-15604
24 Sep 2020 — An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one. CWE-494: Update files are not properly verified. Una vulnerabilidad de comprobación de certificación de servidor SSL incompleta en la familia de productos de consumo Trend Micro Security 2019 versión (v15), podría ... • https://helpcenter.trendmicro.com/en-us/article/TMKA-09890 • CWE-295: Improper Certificate Validation CWE-494: Download of Code Without Integrity Check •