CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 2CVE-2020-27693 – Trend Micro IMSVA CSRF / XML Injection / SSRF / File Disclosure
https://notcve.org/view.php?id=CVE-2020-27693
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 stores administrative passwords using a hash that is considered outdated. Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) versión 9.1, almacena las contraseñas administrativas mediante un hash que es considerado obsoleto Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) versions prior to 9.1.0 Critical Patch Build 2025 suffer from XML injection, over-privileged access, cross site request forgery, file disclosure, server-side request forgery, information leakage, and various other vulnerabilities. • https://sec-consult.com/en/blog/advisories/vulnerabilities-in-trend-micro-interscan-messaging-security-virtual-appliance-imsva https://success.trendmicro.com/solution/000279833 • CWE-916: Use of Password Hash With Insufficient Computational Effort •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 2CVE-2020-27694 – Trend Micro IMSVA CSRF / XML Injection / SSRF / File Disclosure
https://notcve.org/view.php?id=CVE-2020-27694
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 has updated a specific critical library that may vulnerable to attack. Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) versión 9.1, ha actualizado una biblioteca crítica específica que puede ser vulnerable a ataques Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) versions prior to 9.1.0 Critical Patch Build 2025 suffer from XML injection, over-privileged access, cross site request forgery, file disclosure, server-side request forgery, information leakage, and various other vulnerabilities. • https://sec-consult.com/en/blog/advisories/vulnerabilities-in-trend-micro-interscan-messaging-security-virtual-appliance-imsva https://success.trendmicro.com/solution/000279833 •
CVSS: 8.1EPSS: 2%CPEs: 2EXPL: 1CVE-2018-3609
https://notcve.org/view.php?id=CVE-2018-3609
A vulnerability in the Trend Micro InterScan Messaging Security Virtual Appliance 9.0 and 9.1 management portal could allow an unauthenticated user to access sensitive information in a particular log file that could be used to bypass authentication on vulnerable installations. Una vulnerabilidad en el portal de gestión de Trend Micro InterScan Messaging Security Virtual Appliance 9.0 y 9.1 podría permitir que un usuario no autenticado acceda a información sensible en un archivo de registro en particular que podría emplearse para omitir la autenticación en instalaciones vulnerables. • http://www.securityfocus.com/bid/103097 https://korelogic.com/Resources/Advisories/KL-001-2018-006.txt https://success.trendmicro.com/jp/solution/1119290 https://success.trendmicro.com/solution/1119277 • CWE-522: Insufficiently Protected Credentials CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 8.8EPSS: 15%CPEs: 2EXPL: 0CVE-2017-11391 – Trend Micro InterScan Messaging Security Proxy Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-11391
Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the "t" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4744. Una vulnerabilidad de inyección de comandos proxy en Trend Micro InterScan Messaging Virtual Appliance 9.0 y 9.1 permite que atacantes remotos ejecuten código arbitrario en instalaciones vulnerables. Este fallo específico puede explotarse parseando el parámetro "t" en modMCSS Proxy. • http://www.securityfocus.com/bid/100075 http://www.zerodayinitiative.com/advisories/ZDI-17-502 https://success.trendmicro.com/solution/1117723 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 3%CPEs: 2EXPL: 0CVE-2017-11392 – Trend Micro InterScan Messaging Security Proxy Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-11392
Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the "T" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4745. Una vulnerabilidad de inyección de comandos proxy en Trend Micro InterScan Messaging Virtual Appliance 9.0 y 9.1 permite que atacantes remotos ejecuten código arbitrario en instalaciones vulnerables. Este fallo específico puede explotarse parseando el parámetro "T" en modTMCSS Proxy. • http://www.securityfocus.com/bid/100075 http://www.zerodayinitiative.com/advisories/ZDI-17-504 https://success.trendmicro.com/solution/1117723 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •