CVE-2020-27018
Trend Micro IMSVA CSRF / XML Injection / SSRF / File Disclosure
Public Exploits: 2
Exploited in Wild: -
Descriptions
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a server side request forgery vulnerability which could allow an authenticated attacker to abuse the product's web server and grant access to web resources or parts of local files. An attacker must already have obtained authenticated privileges on the product to exploit this vulnerability.
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) versions prior to 9.1.0 Critical Patch Build 2025 suffer from XML injection, over-privileged access, cross site request forgery, file disclosure, server-side request forgery, information leakage, and various other vulnerabilities.
SSVC
- Decision: -
Timeline
- 2020-10-12 CVE Reserved
- 2020-11-05 CVE Published
- 2024-03-14 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-918: Server-Side Request Forgery (SSRF)
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Trendmicro | Interscan Messaging Security Virtual Appliance | <= 9.1 | - | Affected |
in Microsoft | Windows | - | - | Safe |