
CVSS: 8.8 • EPSS: 96% • CPEs: 1 • EXPL: 4

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to execute arbitrary code on affected installations. Authentication is required to exploit this vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro InterScan Web Security Virtual Appliance. • https://www.exploit-db.com/exploits/48667 http://packetstormsecurity.com/files/158171/Trend-Micro-Web-Security-Virtual-Appliance-Remote-Code-Execution.html http://packetstormsecurity.com/files/158423/Trend-Micro-Web-Security-Remote-Code-Execution.html https://success.trendmicro.com/solution/000253095 https://www.zerodayinitiative.com/advisories/ZDI-20-676 https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/trendmicro_websecurity_exec.rb • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 9.8 • EPSS: 97% • CPEs: 1 • EXPL: 3

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to bypass authentication on affected installations of Trend Micro InterScan Web Security Virtual Appliance. This vulnerability allows remote attackers to bypass authentication on affected installations of Trend Micro InterScan Web Security Virtual Appliance. The specific flaw exists within the Apache Solr application. The issue results from the lack of proper implementation of authentication. An attacker can leverage this vulnerability to bypass authentication on the system. • http://packetstormsecurity.com/files/158171/Trend-Micro-Web-Security-Virtual-Appliance-Remote-Code-Execution.html http://packetstormsecurity.com/files/158423/Trend-Micro-Web-Security-Remote-Code-Execution.html https://success.trendmicro.com/solution/000253095 https://www.zerodayinitiative.com/advisories/ZDI-20-677 https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/trendmicro_websecurity_exec.rb • CWE-287: Improper Authentication

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance version 6.5 SP2 could allow a non-authorized user to disclose administrative credentials. An attacker must be an authenticated user in order to exploit the vulnerability. • http://www.securityfocus.com/bid/107848 https://success.trendmicro.com/solution/1122326

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

Vulnerability issues with the web service inspection of input parameters in Trend Micro Web Security Virtual Appliance 6.5 may allow potential attackers who already have administration rights to the console to implement remote code injections. • https://success.trendmicro.com/solution/1117412

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 2

Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or 'Auditor' to change FTP Access Control Settings, create or modify reports, or upload an HTTPS Decryption Certificate and Private Key. Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5 SP2 suffers from faulty access controls, stored cross-site scripting, and information disclosure vulnerabilities. • https://www.exploit-db.com/exploits/42013 http://www.securityfocus.com/bid/97482 https://success.trendmicro.com/solution/1116960 https://www.qualys.com/2017/01/12/qsa-2017-01-12/qsa-2017-01-12.pdf • CWE-732: Incorrect Permission Assignment for Critical Resource