CVE-2020-8606 – Trend Micro InterScan Web Security Virtual Appliance Apache Solr Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2020-8606
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to bypass authentication on affected installations of Trend Micro InterScan Web Security Virtual Appliance.
This vulnerability allows remote attackers to bypass authentication on affected installations of Trend Micro InterScan Web Security Virtual Appliance. The specific flaw exists within the Apache Solr application. The issue results from the lack of proper implementation of authentication. An attacker can leverage this vulnerability to bypass authentication on the system.
• http://packetstormsecurity.com/files/158171/Trend-Micro-Web-Security-Virtual-Appliance-Remote-Code-Execution.html
• http://packetstormsecurity.com/files/158423/Trend-Micro-Web-Security-Remote-Code-Execution.html
• https://success.trendmicro.com/solution/000253095
• https://www.zerodayinitiative.com/advisories/ZDI-20-677
• CWE-287: Improper Authentication
CVE-2020-8603 – Trend Micro InterScan Web Security Virtual Appliance Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2020-8603
A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow a remote attacker to tamper with the web interface of affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
This vulnerability allows remote attackers to tamper with the web interface of affected installations of Trend Micro InterScan Web Security Virtual Appliance.
• https://success.trendmicro.com/solution/000253095
• https://www.zerodayinitiative.com/advisories/ZDI-20-675
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-8604 – Trend Micro InterScan Web Security Virtual Appliance Apache Solr Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-8604
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to disclose sensitive information on affected installations.
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Apache Solr application. When parsing the file parameter, the process does not properly validate a user-supplied path prior to using it in file operations.
• http://packetstormsecurity.com/files/158171/Trend-Micro-Web-Security-Virtual-Appliance-Remote-Code-Execution.html
• http://packetstormsecurity.com/files/158423/Trend-Micro-Web-Security-Remote-Code-Execution.html
• https://success.trendmicro.com/solution/000253095
• https://www.zerodayinitiative.com/advisories/ZDI-20-678
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-8599 – Trend Micro Apex One and OfficeScan Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2020-8599
Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. Authentication is not required to exploit this vulnerability.
Trend Micro Apex One and OfficeScan server contain a vulnerable EXE file that could allow a remote attacker to write data to a path on affected installations and bypass root login.
• https://success.trendmicro.com/jp/solution/000244253
• https://success.trendmicro.com/solution/000245571
CVE-2020-8598
https://notcve.org/view.php?id=CVE-2020-8598
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) servers contain a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code on affected installations with SYSTEM level privileges. Authentication is not required to exploit this vulnerability.
• https://success.trendmicro.com/jp/solution/000244253
• https://success.trendmicro.com/jp/solution/000244836
• https://success.trendmicro.com/solution/000245571
• https://success.trendmicro.com/solution/000245572
• CWE-306: Missing Authentication for Critical Function