Vulnerabilities > CVE-2020-27018 - Server-Side Request Forgery (SSRF) vulnerability in Trendmicro Interscan Messaging Security Virtual Appliance 8.5.1.1516/9.0/9.1
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a server side request forgery vulnerability which could allow an authenticated attacker to abuse the product's web server and grant access to web resources or parts of local files. An attacker must already have obtained authenticated privileges on the product to exploit this vulnerability.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 5 | |
| OS | 1 |
Common Weakness Enumeration (CWE)
References
- https://sec-consult.com/en/blog/advisories/vulnerabilities-in-trend-micro-interscan-messaging-security-virtual-appliance-imsva/
- https://sec-consult.com/en/blog/advisories/vulnerabilities-in-trend-micro-interscan-messaging-security-virtual-appliance-imsva/
- https://success.trendmicro.com/solution/000279833
- https://success.trendmicro.com/solution/000279833