
CVE-2021-31521
https://notcve.org/view.php?id=CVE-2021-31521
17 Jun 2021 — Trend Micro InterScan Web Security Virtual Appliance version 6.5 was found to have a reflected cross-site scripting (XSS) vulnerability in the product's Captive Portal. • https://success.trendmicro.com/solution/000286452 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-25252
https://notcve.org/view.php?id=CVE-2021-25252
03 Mar 2021 — Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file. • https://success.trendmicro.com/solution/000285675 • CWE-400: Uncontrolled Resource Consumption

CVE-2020-27010
https://notcve.org/view.php?id=CVE-2020-27010
17 Dec 2020 — A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product in a manner separate from the similar CVE-2020-8462. • https://success.trendmicro.com/solution/000283077 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-8461 – Trend Micro IWSVA CSRF / XSS / Bypass / SSRF / Code Execution
https://notcve.org/view.php?id=CVE-2020-8461
17 Dec 2020 — A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to get a victim's browser to send a specifically encoded request without requiring a valid CSRF token. Trend Mic... • https://packetstorm.news/files/id/160602 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2020-8462 – Trend Micro IWSVA CSRF / XSS / Bypass / SSRF / Code Execution
https://notcve.org/view.php?id=CVE-2020-8462
17 Dec 2020 — A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product. Trend Micro InterScan Web Security Virtual Appliance (IWSVA) versions below 6.5 SP2 EN Patch 4 Build 1919 suffers from bypass, command... • https://packetstorm.news/files/id/160602 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-8463 – Trend Micro IWSVA CSRF / XSS / Bypass / SSRF / Code Execution
https://notcve.org/view.php?id=CVE-2020-8463
17 Dec 2020 — A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to bypass a global authorization check for anonymous users by manipulating request paths. Trend Micro InterScan Web Security Virtual Appliance (IWSVA) versions below 6.5 ... • https://packetstorm.news/files/id/160602 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2020-8464 – Trend Micro IWSVA CSRF / XSS / Bypass / SSRF / Code Execution
https://notcve.org/view.php?id=CVE-2020-8464
17 Dec 2020 — A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost, which could expose the product's admin interface to users who would not normally have access. • https://packetstorm.news/files/id/160602 • CWE-918: Server-Side Request Forgery (SSRF)

CVE-2020-8465 – Trend Micro IWSVA CSRF / XSS / Bypass / SSRF / Code Execution
https://notcve.org/view.php?id=CVE-2020-8465
17 Dec 2020 — A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updates using a combination of CSRF bypass (CVE-2020-8461) and authentication bypass (CVE-2020-8464) to execute code as user root. • https://packetstorm.news/files/id/160602 • CWE-287: Improper Authentication • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2020-8466 – Trend Micro IWSVA CSRF / XSS / Bypass / SSRF / Code Execution
https://notcve.org/view.php?id=CVE-2020-8466
17 Dec 2020 — A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to execute certain commands by providing a manipulated password. • https://packetstorm.news/files/id/160602 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2020-28581
https://notcve.org/view.php?id=CVE-2020-28581
18 Nov 2020 — A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges. • https://success.trendmicro.com/solution/000281954 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')