Vulnerabilities > Trendmicro > Interscan WEB Security Virtual Appliance > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-12-17 CVE-2020-8465 Cross-Site Request Forgery (CSRF) vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updates using a combination of CSRF bypass (CVE-2020-8461) and authentication bypass (CVE-2020-8464) to execute code as user root.
network
low complexity
trendmicro CWE-352
critical
9.8
2020-12-17 CVE-2020-8466 OS Command Injection vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5
A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to execute certain commands by providing a manipulated password.
network
low complexity
trendmicro CWE-78
critical
9.8
2020-11-18 CVE-2020-28578 Out-of-bounds Write vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges.
network
low complexity
trendmicro CWE-787
critical
9.8
2020-05-27 CVE-2020-8606 Improper Authentication vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to bypass authentication on affected installations of Trend Micro InterScan Web Security Virtual Appliance.
network
low complexity
trendmicro CWE-287
critical
9.8
2017-02-21 CVE-2016-9269 Permissions, Privileges, and Access Controls vulnerability in Trendmicro Interscan web Security Virtual Appliance
Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to run arbitrary commands on the system as root via Patch Update functionality.
network
low complexity
trendmicro CWE-264
critical
9.9