Vulnerabilities > Trendmicro > Interscan Messaging Security Virtual Appliance > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-03-03 CVE-2021-25252 Resource Exhaustion vulnerability in Trendmicro products
Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file.
local
low complexity
trendmicro CWE-400
4.9
2020-11-09 CVE-2020-27694 Unspecified vulnerability in Trendmicro Interscan Messaging Security Virtual Appliance 8.5.1.1516/9.0/9.1
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 has updated a specific critical library that may vulnerable to attack.
network
low complexity
trendmicro
6.5
2020-11-09 CVE-2020-27017 XML Entity Expansion vulnerability in Trendmicro Interscan Messaging Security Virtual Appliance 8.5.1.1516/9.0/9.1
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an XML External Entity Processing (XXE) vulnerability which could allow an authenticated administrator to read arbitrary local files.
network
low complexity
trendmicro CWE-776
4.0
2020-11-09 CVE-2020-27016 Cross-Site Request Forgery (CSRF) vulnerability in Trendmicro Interscan Messaging Security Virtual Appliance 8.5.1.1516/9.0/9.1
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a cross-site request forgery (CSRF) vulnerability which could allow an attacker to modify policy rules by tricking an authenticated administrator into accessing an attacker-controlled web page.
6.8
2018-02-16 CVE-2018-3609 Information Exposure Through Log Files vulnerability in Trendmicro Interscan Messaging Security Virtual Appliance 9.0/9.1
A vulnerability in the Trend Micro InterScan Messaging Security Virtual Appliance 9.0 and 9.1 management portal could allow an unauthenticated user to access sensitive information in a particular log file that could be used to bypass authentication on vulnerable installations.
4.3
2017-08-03 CVE-2017-11392 Command Injection vulnerability in Trendmicro Interscan Messaging Security Virtual Appliance 9.0/9.1
Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations.
network
low complexity
trendmicro CWE-77
6.5
2017-08-03 CVE-2017-11391 Command Injection vulnerability in Trendmicro Interscan Messaging Security Virtual Appliance 9.0/9.1
Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations.
network
low complexity
trendmicro CWE-77
6.5
2017-04-18 CVE-2017-7896 Cross-site Scripting vulnerability in Trendmicro Interscan Messaging Security Virtual Appliance 8.5.1.1516
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 before CP 1644 has XSS.
network
trendmicro CWE-79
4.3
2014-05-30 CVE-2014-3922 Cross-Site Scripting vulnerability in Trendmicro Interscan Messaging Security Virtual Appliance 8.5.1.1516
Cross-site scripting (XSS) vulnerability in Trend Micro InterScan Messaging Security Virtual Appliance 8.5.1.1516 allows remote authenticated users to inject arbitrary web script or HTML via the addWhiteListDomainStr parameter to addWhiteListDomain.imss.
network
trendmicro CWE-79
4.3