CVSS: 5.5EPSS: 0%CPEs: 39EXPL: 0CVE-2021-25252
https://notcve.org/view.php?id=CVE-2021-25252
Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file. La API Virus Scan (VSAPI) y el Advanced Threat Scan Engine (ATSE) de Trend Micro, son susceptibles a una vulnerabilidad de agotamiento de la memoria que puede conllevar a una denegación de servicio o a un congelamiento del sistema si es explotada por un atacante usando un archivo especialmente diseñado • https://success.trendmicro.com/solution/000285675 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 2CVE-2020-27018 – Trend Micro IMSVA CSRF / XML Injection / SSRF / File Disclosure
https://notcve.org/view.php?id=CVE-2020-27018
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a server side request forgery vulnerability which could allow an authenticated attacker to abuse the product's web server and grant access to web resources or parts of local files. An attacker must already have obtained authenticated privileges on the product to exploit this vulnerability. Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) versión 9.1, es susceptible a una vulnerabilidad de tipo server side request forgery que podría permitir a un atacante autenticado abusar del servidor web del producto y otorgar acceso a recursos web o partes de archivos locales. Un atacante ya debe haber obtenido privilegios autenticados en el producto para explotar esta vulnerabilidad Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) versions prior to 9.1.0 Critical Patch Build 2025 suffer from XML injection, over-privileged access, cross site request forgery, file disclosure, server-side request forgery, information leakage, and various other vulnerabilities. • https://sec-consult.com/en/blog/advisories/vulnerabilities-in-trend-micro-interscan-messaging-security-virtual-appliance-imsva https://success.trendmicro.com/solution/000279833 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 2CVE-2020-27693 – Trend Micro IMSVA CSRF / XML Injection / SSRF / File Disclosure
https://notcve.org/view.php?id=CVE-2020-27693
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 stores administrative passwords using a hash that is considered outdated. Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) versión 9.1, almacena las contraseñas administrativas mediante un hash que es considerado obsoleto Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) versions prior to 9.1.0 Critical Patch Build 2025 suffer from XML injection, over-privileged access, cross site request forgery, file disclosure, server-side request forgery, information leakage, and various other vulnerabilities. • https://sec-consult.com/en/blog/advisories/vulnerabilities-in-trend-micro-interscan-messaging-security-virtual-appliance-imsva https://success.trendmicro.com/solution/000279833 • CWE-916: Use of Password Hash With Insufficient Computational Effort •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 2CVE-2020-27017 – Trend Micro IMSVA CSRF / XML Injection / SSRF / File Disclosure
https://notcve.org/view.php?id=CVE-2020-27017
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an XML External Entity Processing (XXE) vulnerability which could allow an authenticated administrator to read arbitrary local files. An attacker must already have obtained product administrator/root privileges to exploit this vulnerability. Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) versión 9.1, es susceptible a una vulnerabilidad de tipo XML External Entity Processing (XXE) que podría permitir a un administrador autenticado leer archivos locales arbitrarios. Un atacante ya debe haber obtenido privilegios de administrator/root del producto para explotar esta vulnerabilidad Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) versions prior to 9.1.0 Critical Patch Build 2025 suffer from XML injection, over-privileged access, cross site request forgery, file disclosure, server-side request forgery, information leakage, and various other vulnerabilities. • https://sec-consult.com/en/blog/advisories/vulnerabilities-in-trend-micro-interscan-messaging-security-virtual-appliance-imsva https://success.trendmicro.com/solution/000279833 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 2CVE-2020-27694 – Trend Micro IMSVA CSRF / XML Injection / SSRF / File Disclosure
https://notcve.org/view.php?id=CVE-2020-27694
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 has updated a specific critical library that may vulnerable to attack. Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) versión 9.1, ha actualizado una biblioteca crítica específica que puede ser vulnerable a ataques Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) versions prior to 9.1.0 Critical Patch Build 2025 suffer from XML injection, over-privileged access, cross site request forgery, file disclosure, server-side request forgery, information leakage, and various other vulnerabilities. • https://sec-consult.com/en/blog/advisories/vulnerabilities-in-trend-micro-interscan-messaging-security-virtual-appliance-imsva https://success.trendmicro.com/solution/000279833 •