CVSS: 8.8EPSS: 39%CPEs: 1EXPL: 1CVE-2020-28579
https://notcve.org/view.php?id=CVE-2020-28579
18 Nov 2020 — A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges. Una vulnerabilidad en Trend Micro InterScan Web Security Virtual Appliance versión 6.5 SP2, podría permitir a un atacante remoto autenticado enviar un mensaje HTTP especialmente diseñado y lograr una ejecución de código remota con privilegios elevados • https://success.trendmicro.com/solution/000281954 • CWE-787: Out-of-bounds Write •
CVSS: 9.0EPSS: 73%CPEs: 1EXPL: 1CVE-2020-28580
https://notcve.org/view.php?id=CVE-2020-28580
18 Nov 2020 — A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges. Una vulnerabilidad de inyección de comandos en AddVLANItem de Trend Micro InterScan Web Security Virtual Appliance versión 6.5 SP2, podría permitir a un atacante remoto autenticado enviar mensajes HTTP especialmente diseñados y ejecutar comandos de SO a... • https://success.trendmicro.com/solution/000281954 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 58%CPEs: 1EXPL: 1CVE-2020-28578
https://notcve.org/view.php?id=CVE-2020-28578
18 Nov 2020 — A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges. Una vulnerabilidad en Trend Micro InterScan Web Security Virtual Appliance versión 6.5 SP2, podría permitir a un atacante remoto no autenticado enviar un mensaje HTTP especialmente diseñado y lograr una ejecución de código remota con privilegios elevados • https://success.trendmicro.com/solution/000281954 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 88%CPEs: 1EXPL: 5CVE-2020-8605 – Trend Micro InterScan Web Security Virtual Appliance Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-8605
27 May 2020 — A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to execute arbitrary code on affected installations. Authentication is required to exploit this vulnerability. Una vulnerabilidad en Trend Micro InterScan Web Security Virtual Appliance versión 6.5, puede permitir a atacantes remotos ejecutar código arbitrario sobre las instalaciones afectadas. Es requerida una autenticación para explotar esta vulnerabilidad. This vulnerability allows remote attackers to e... • https://packetstorm.news/files/id/158171 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8603 – Trend Micro InterScan Web Security Virtual Appliance Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2020-8603
27 May 2020 — A cross-site scripting vulnerability (XSS) in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow a remote attacker to tamper with the web interface of affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Una vulnerabilidad de tipo cross-site scripting (XSS) en Trend Micro InterScan Web Security Virtual Appliance versión 6.5, puede permitir a un atacante remoto alterar la interfaz web de las... • https://success.trendmicro.com/solution/000253095 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 86%CPEs: 1EXPL: 4CVE-2020-8604 – Trend Micro InterScan Web Security Virtual Appliance Apache Solr Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-8604
27 May 2020 — A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to disclose sensitive informatoin on affected installations. Una vulnerabilidad en Trend Micro InterScan Web Security Virtual Appliance versión 6.5, puede permitir a atacantes remotos revelar información confidencial sobre las instalaciones afectadas. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro InterScan Web Security Virtual Applianc... • https://packetstorm.news/files/id/158171 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 88%CPEs: 1EXPL: 4CVE-2020-8606 – Trend Micro InterScan Web Security Virtual Appliance Apache Solr Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2020-8606
27 May 2020 — A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to bypass authentication on affected installations of Trend Micro InterScan Web Security Virtual Appliance. Una vulnerabilidad en Trend Micro InterScan Web Security Virtual Appliance versión 6.5, puede permitir a atacantes remotos omitir la autenticación sobre las instalaciones afectadas de Trend Micro InterScan Web Security Virtual Appliance. This vulnerability allows remote attackers to bypass authentica... • https://packetstorm.news/files/id/158171 • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-9490
https://notcve.org/view.php?id=CVE-2019-9490
05 Apr 2019 — A vulnerability in Trend Micro InterScan Web Security Virtual Appliance version 6.5 SP2 could allow an non-authorized user to disclose administrative credentials. An attacker must be an authenticated user in order to exploit the vulnerability. Una vulnerabilidad en Trend Micro InterScan Web Security Virtual Appliance, en su versión 6.5 SP2, podría permitir a un usuario no autorizado divulgar credenciales administrativas. Un atacante debe ser un usuario autenticado para explotar esta vulnerabilidad. • http://www.securityfocus.com/bid/107848 •
CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 0CVE-2017-11396
https://notcve.org/view.php?id=CVE-2017-11396
22 Sep 2017 — Vulnerability issues with the web service inspection of input parameters in Trend Micro Web Security Virtual Appliance 6.5 may allow potential attackers who already have administration rights to the console to implement remote code injections. Los problemas de vulnerabilidades con la inspección del servicio web de parámetros de entrada en la versión 6.5 de Trend Micro Web Security Virtual Appliance podría permitir que los atacantes que ya posean derechos de administración en la consola implementen inyeccion... • https://success.trendmicro.com/solution/1117412 •
CVSS: 6.5EPSS: 1%CPEs: 1EXPL: 3CVE-2017-6338 – Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2017-6338
05 Apr 2017 — Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or 'Auditor' to change FTP Access Control Settings, create or modify reports, or upload an HTTPS Decryption Certificate and Private Key. Múltiples problemas de control de acceso en Trend Micro InterScan Web Security Virtual Appliance 6.5 en versiones anteriores a CP 1746 permiten a un usuario remoto autenticado con privi... • https://packetstorm.news/files/id/142552 • CWE-732: Incorrect Permission Assignment for Critical Resource •