CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 2CVE-2020-27017 – Trend Micro IMSVA CSRF / XML Injection / SSRF / File Disclosure
https://notcve.org/view.php?id=CVE-2020-27017
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an XML External Entity Processing (XXE) vulnerability which could allow an authenticated administrator to read arbitrary local files. An attacker must already have obtained product administrator/root privileges to exploit this vulnerability. Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) versión 9.1, es susceptible a una vulnerabilidad de tipo XML External Entity Processing (XXE) que podría permitir a un administrador autenticado leer archivos locales arbitrarios. Un atacante ya debe haber obtenido privilegios de administrator/root del producto para explotar esta vulnerabilidad Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) versions prior to 9.1.0 Critical Patch Build 2025 suffer from XML injection, over-privileged access, cross site request forgery, file disclosure, server-side request forgery, information leakage, and various other vulnerabilities. • https://sec-consult.com/en/blog/advisories/vulnerabilities-in-trend-micro-interscan-messaging-security-virtual-appliance-imsva https://success.trendmicro.com/solution/000279833 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 2CVE-2020-27694 – Trend Micro IMSVA CSRF / XML Injection / SSRF / File Disclosure
https://notcve.org/view.php?id=CVE-2020-27694
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 has updated a specific critical library that may vulnerable to attack. Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) versión 9.1, ha actualizado una biblioteca crítica específica que puede ser vulnerable a ataques Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) versions prior to 9.1.0 Critical Patch Build 2025 suffer from XML injection, over-privileged access, cross site request forgery, file disclosure, server-side request forgery, information leakage, and various other vulnerabilities. • https://sec-consult.com/en/blog/advisories/vulnerabilities-in-trend-micro-interscan-messaging-security-virtual-appliance-imsva https://success.trendmicro.com/solution/000279833 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 2CVE-2020-27019 – Trend Micro IMSVA CSRF / XML Injection / SSRF / File Disclosure
https://notcve.org/view.php?id=CVE-2020-27019
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an information disclosure vulnerability which could allow an attacker to access a specific database and key. Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) versión 9.1, es susceptible a una vulnerabilidad de divulgación de información que podría permitir a un atacante acceder a una base de datos y clave específica Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) versions prior to 9.1.0 Critical Patch Build 2025 suffer from XML injection, over-privileged access, cross site request forgery, file disclosure, server-side request forgery, information leakage, and various other vulnerabilities. • https://sec-consult.com/en/blog/advisories/vulnerabilities-in-trend-micro-interscan-messaging-security-virtual-appliance-imsva https://success.trendmicro.com/solution/000279833 • CWE-306: Missing Authentication for Critical Function •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 2CVE-2020-27016 – Trend Micro IMSVA CSRF / XML Injection / SSRF / File Disclosure
https://notcve.org/view.php?id=CVE-2020-27016
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a cross-site request forgery (CSRF) vulnerability which could allow an attacker to modify policy rules by tricking an authenticated administrator into accessing an attacker-controlled web page. An attacker must already have obtained product administrator/root privileges to exploit this vulnerability. Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) versión 9.1, es susceptible a una vulnerabilidad de tipo cross-site request forgery (CSRF) que podría permitir a un atacante modificar las reglas de políticas engañando a un administrador autenticado para que acceda a una página web controlada por el atacante. Un atacante ya debe haber obtenido privilegios de administrator/root del producto para explotar esta vulnerabilidad Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) versions prior to 9.1.0 Critical Patch Build 2025 suffer from XML injection, over-privileged access, cross site request forgery, file disclosure, server-side request forgery, information leakage, and various other vulnerabilities. • https://sec-consult.com/en/blog/advisories/vulnerabilities-in-trend-micro-interscan-messaging-security-virtual-appliance-imsva https://success.trendmicro.com/solution/000279833 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0CVE-2020-27015 – Trend Micro Antivirus for Mac Error Message Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-27015
Trend Micro Antivirus for Mac 2020 (Consumer) contains an Error Message Information Disclosure vulnerability that if exploited, could allow kernel pointers and debug messages to leak to userland. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. Trend Micro Antivirus for Mac 2020 (Consumer) contiene una vulnerabilidad de divulgación de información de mensajes de error que, si se explota, podría permitir que los punteros del núcleo y los mensajes de depuración se filtraran al terreno de los usuarios. Un atacante debe obtener primero la capacidad de ejecutar código de alto privilegio en el sistema objetivo para poder explotar esta vulnerabilidad This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Antivirus for Mac. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the KERedirect kext. • https://helpcenter.trendmicro.com/en-us/article/TMKA-09975 https://www.zerodayinitiative.com/advisories/ZDI-20-1286 • CWE-209: Generation of Error Message Containing Sensitive Information •