CVE-2020-8604
Trend Micro InterScan Web Security Virtual Appliance Apache Solr Directory Traversal Information Disclosure Vulnerability
Public Exploits: 2
Exploited in Wild: -
Descriptions
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to disclose sensitive information on affected installations.
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the Apache Solr application. When parsing the file parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of the IWSS user.
Timeline
- 2020-02-04 CVE Reserved
- 2020-05-27 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2024-09-20 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
References (5)
URL | Tag | Source |
---|---|---|
https://www.zerodayinitiative.com/advisories/ZDI-20-678 | Third Party Advisory | |

URL | Date | SRC |
---|---|---|
https://success.trendmicro.com/solution/000253095 | 2022-04-27 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Trendmicro | Interscan Web Security Virtual Appliance | 6.5 | - | Affected |