Vulnerabilities > Trendmicro > Interscan WEB Security Virtual Appliance

DATE CVE VULNERABILITY TITLE RISK
2020-11-18 CVE-2020-28581 OS Command Injection vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5
A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges.
network
low complexity
trendmicro CWE-78
7.2
2020-11-18 CVE-2020-28580 OS Command Injection vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5
A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges.
network
low complexity
trendmicro CWE-78
7.2
2020-11-18 CVE-2020-28579 Out-of-bounds Write vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges.
network
low complexity
trendmicro CWE-787
8.8
2020-11-18 CVE-2020-28578 Out-of-bounds Write vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges.
network
low complexity
trendmicro CWE-787
critical
9.8
2020-05-27 CVE-2020-8606 Improper Authentication vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to bypass authentication on affected installations of Trend Micro InterScan Web Security Virtual Appliance.
network
low complexity
trendmicro CWE-287
critical
9.8
2020-05-27 CVE-2020-8605 OS Command Injection vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to execute arbitrary code on affected installations.
network
low complexity
trendmicro CWE-78
8.8
2020-05-27 CVE-2020-8604 Path Traversal vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to disclose sensitive informatoin on affected installations.
network
low complexity
trendmicro CWE-22
7.5
2020-05-27 CVE-2020-8603 Cross-site Scripting vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5
A cross-site scripting vulnerability (XSS) in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow a remote attacker to tamper with the web interface of affected installations.
network
low complexity
trendmicro CWE-79
6.1
2019-04-05 CVE-2019-9490 Unspecified vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance version 6.5 SP2 could allow an non-authorized user to disclose administrative credentials.
network
low complexity
trendmicro
8.8
2017-09-22 CVE-2017-11396 Unspecified vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5
Vulnerability issues with the web service inspection of input parameters in Trend Micro Web Security Virtual Appliance 6.5 may allow potential attackers who already have administration rights to the console to implement remote code injections.
network
low complexity
trendmicro
7.2