Vulnerabilities > Trendmicro
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-17 | CVE-2020-8466 | Command Injection vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5 A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to execute certain commands by providing a manipulated password. | 7.5 |
| 2020-12-17 | CVE-2020-8465 | Improper Authentication vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5 A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updates using a combination of CSRF bypass (CVE-2020-8461) and authentication bypass (CVE-2020-8464) to execute code as user root. | 10.0 |
| 2020-12-17 | CVE-2020-8464 | Server-Side Request Forgery (SSRF) vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5 A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product's admin interface to users who would not normally have access. | 5.0 |
| 2020-12-17 | CVE-2020-8463 | Incorrect Authorization vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5 A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to bypass a global authorization check for anonymous users by manipulating request paths. | 5.0 |
| 2020-12-17 | CVE-2020-8462 | Cross-Site Scripting vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5 A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product. | 3.5 |
| 2020-12-17 | CVE-2020-8461 | Cross-Site Request Forgery (CSRF) vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5 A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to get a victim's browser to send a specifically encoded request without requiring a valid CSRF token. | 6.8 |
| 2020-12-17 | CVE-2020-27010 | Cross-Site Scripting vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5 A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product in a manner separate from the similar CVE-2020-8462. | 3.5 |
| 2020-12-01 | CVE-2020-28583 | Information Exposure vulnerability in Trendmicro Apex ONE and Officescan An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version, build and patch information. | 5.0 |
| 2020-12-01 | CVE-2020-28582 | Information Exposure vulnerability in Trendmicro Apex ONE and Officescan An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal number of managed agents. | 5.0 |
| 2020-12-01 | CVE-2020-28577 | Information Exposure vulnerability in Trendmicro Apex ONE and Officescan An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server hostname and db names. | 5.0 |