
CVSS: 9.0 | EPSS: 2% | CPEs: 1 | EXPL: 1

A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges.

• https://success.trendmicro.com/solution/000281954
• https://www.tenable.com/security/research/tra-2020-63
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 8.8 | EPSS: 1% | CPEs: 1 | EXPL: 1

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges.

• https://success.trendmicro.com/solution/000281954
• https://www.tenable.com/security/research/tra-2020-63
• CWE-787: Out-of-bounds Write

CVSS: 9.8 | EPSS: 3% | CPEs: 1 | EXPL: 1

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges.

• https://success.trendmicro.com/solution/000281954
• https://www.tenable.com/security/research/tra-2020-63
• CWE-787: Out-of-bounds Write

CVSS: 6.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow a remote attacker to tamper with the web interface of affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. This vulnerability allows remote attackers to tamper with the web interface of affected installations of Trend Micro InterScan Web Security Virtual Appliance.

• https://success.trendmicro.com/solution/000253095
• https://www.zerodayinitiative.com/advisories/ZDI-20-675
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 | EPSS: 97% | CPEs: 1 | EXPL: 3

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to disclose sensitive information on affected installations. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Apache Solr application. When parsing the file parameter, the process does not properly validate a user-supplied path prior to using it in file operations.

• http://packetstormsecurity.com/files/158171/Trend-Micro-Web-Security-Virtual-Appliance-Remote-Code-Execution.html
• http://packetstormsecurity.com/files/158423/Trend-Micro-Web-Security-Remote-Code-Execution.html
• https://success.trendmicro.com/solution/000253095
• https://www.zerodayinitiative.com/advisories/ZDI-20-678
• https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/trendmicro_websecurity_exec.rb
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')