Vulnerabilities > Trendmicro > Interscan WEB Security Virtual Appliance

DATE CVE VULNERABILITY TITLE RISK
2017-04-05 CVE-2017-6340 Cross-site Scripting vulnerability in Trendmicro Interscan web Security Virtual Appliance
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 does not sanitize a rest/commonlog/report/template name field, which allows a 'Reports Only' user to inject malicious JavaScript while creating a new report.
network
trendmicro CWE-79
3.5
2017-04-05 CVE-2017-6339 Weak Password Requirements vulnerability in Trendmicro Interscan web Security Virtual Appliance
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 mismanages certain key and certificate data.
network
low complexity
trendmicro CWE-521
4.0
2017-04-05 CVE-2017-6338 Incorrect Permission Assignment for Critical Resource vulnerability in Trendmicro Interscan web Security Virtual Appliance
Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or 'Auditor' to change FTP Access Control Settings, create or modify reports, or upload an HTTPS Decryption Certificate and Private Key.
network
low complexity
trendmicro CWE-732
4.0
2017-02-21 CVE-2016-9316 Cross-site Scripting vulnerability in Trendmicro Interscan web Security Virtual Appliance
Multiple stored Cross-Site-Scripting (XSS) vulnerabilities in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allow authenticated, remote users with least privileges to inject arbitrary HTML/JavaScript code into web pages.
network
trendmicro CWE-79
3.5
2017-02-21 CVE-2016-9315 Permissions, Privileges, and Access Controls vulnerability in Trendmicro Interscan web Security Virtual Appliance
Privilege Escalation Vulnerability in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to change Master Admin's password and/or add new admin accounts.
network
low complexity
trendmicro CWE-264
4.0
2017-02-21 CVE-2016-9314 Information Exposure vulnerability in Trendmicro Interscan web Security Virtual Appliance
Sensitive Information Disclosure in com.trend.iwss.gui.servlet.ConfigBackup in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to backup the system configuration and download it onto their local machine.
network
low complexity
trendmicro CWE-200
4.0
2017-02-21 CVE-2016-9269 Permissions, Privileges, and Access Controls vulnerability in Trendmicro Interscan web Security Virtual Appliance
Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to run arbitrary commands on the system as root via Patch Update functionality.
network
low complexity
trendmicro CWE-264
critical
9.0
2014-11-07 CVE-2014-8510 Improper Input Validation vulnerability in Trendmicro Interscan web Security Virtual Appliance
The AdminUI in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) before 6.0 HF build 1244 allows remote authenticated users to read arbitrary files via vectors related to configuration input when saving filters.
network
low complexity
trendmicro CWE-20
4.0
2009-02-17 CVE-2009-0612 Information Exposure vulnerability in Trendmicro products
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 3.x and InterScan Web Security Suite (IWSS) 3.x, when basic authorization is enabled on the standalone proxy, forwards the Proxy-Authorization header from Windows Media Player, which allows remote web servers to obtain credentials by offering a media stream and then capturing this header.
4.3