CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-27696
https://notcve.org/view.php?id=CVE-2020-27696
Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a specific Windows system directory which can lead to obtaining administrative privileges during the installation of the product. Trend Micro Security 2020 (Consumer) contiene una vulnerabilidad en el paquete de instalación que podría ser explotada al colocar un directorio de sistema de Windows específico que puede conllevar a una obtención de privilegios administrativos durante la instalación del producto • https://helpcenter.trendmicro.com/en-us/article/TMKA-10036 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 2CVE-2020-27018 – Trend Micro IMSVA CSRF / XML Injection / SSRF / File Disclosure
https://notcve.org/view.php?id=CVE-2020-27018
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a server side request forgery vulnerability which could allow an authenticated attacker to abuse the product's web server and grant access to web resources or parts of local files. An attacker must already have obtained authenticated privileges on the product to exploit this vulnerability. Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) versión 9.1, es susceptible a una vulnerabilidad de tipo server side request forgery que podría permitir a un atacante autenticado abusar del servidor web del producto y otorgar acceso a recursos web o partes de archivos locales. Un atacante ya debe haber obtenido privilegios autenticados en el producto para explotar esta vulnerabilidad Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) versions prior to 9.1.0 Critical Patch Build 2025 suffer from XML injection, over-privileged access, cross site request forgery, file disclosure, server-side request forgery, information leakage, and various other vulnerabilities. • https://sec-consult.com/en/blog/advisories/vulnerabilities-in-trend-micro-interscan-messaging-security-virtual-appliance-imsva https://success.trendmicro.com/solution/000279833 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 2CVE-2020-27693 – Trend Micro IMSVA CSRF / XML Injection / SSRF / File Disclosure
https://notcve.org/view.php?id=CVE-2020-27693
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 stores administrative passwords using a hash that is considered outdated. Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) versión 9.1, almacena las contraseñas administrativas mediante un hash que es considerado obsoleto Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) versions prior to 9.1.0 Critical Patch Build 2025 suffer from XML injection, over-privileged access, cross site request forgery, file disclosure, server-side request forgery, information leakage, and various other vulnerabilities. • https://sec-consult.com/en/blog/advisories/vulnerabilities-in-trend-micro-interscan-messaging-security-virtual-appliance-imsva https://success.trendmicro.com/solution/000279833 • CWE-916: Use of Password Hash With Insufficient Computational Effort •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 2CVE-2020-27017 – Trend Micro IMSVA CSRF / XML Injection / SSRF / File Disclosure
https://notcve.org/view.php?id=CVE-2020-27017
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an XML External Entity Processing (XXE) vulnerability which could allow an authenticated administrator to read arbitrary local files. An attacker must already have obtained product administrator/root privileges to exploit this vulnerability. Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) versión 9.1, es susceptible a una vulnerabilidad de tipo XML External Entity Processing (XXE) que podría permitir a un administrador autenticado leer archivos locales arbitrarios. Un atacante ya debe haber obtenido privilegios de administrator/root del producto para explotar esta vulnerabilidad Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) versions prior to 9.1.0 Critical Patch Build 2025 suffer from XML injection, over-privileged access, cross site request forgery, file disclosure, server-side request forgery, information leakage, and various other vulnerabilities. • https://sec-consult.com/en/blog/advisories/vulnerabilities-in-trend-micro-interscan-messaging-security-virtual-appliance-imsva https://success.trendmicro.com/solution/000279833 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 2CVE-2020-27694 – Trend Micro IMSVA CSRF / XML Injection / SSRF / File Disclosure
https://notcve.org/view.php?id=CVE-2020-27694
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 has updated a specific critical library that may vulnerable to attack. Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) versión 9.1, ha actualizado una biblioteca crítica específica que puede ser vulnerable a ataques Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) versions prior to 9.1.0 Critical Patch Build 2025 suffer from XML injection, over-privileged access, cross site request forgery, file disclosure, server-side request forgery, information leakage, and various other vulnerabilities. • https://sec-consult.com/en/blog/advisories/vulnerabilities-in-trend-micro-interscan-messaging-security-virtual-appliance-imsva https://success.trendmicro.com/solution/000279833 •