Vulnerabilities > Trendmicro > Interscan WEB Security Virtual Appliance > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-12-17 CVE-2020-8465 Improper Authentication vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updates using a combination of CSRF bypass (CVE-2020-8461) and authentication bypass (CVE-2020-8464) to execute code as user root.
network
low complexity
trendmicro CWE-287
critical
10.0
2020-11-18 CVE-2020-28580 OS Command Injection vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5
A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges.
network
low complexity
trendmicro CWE-78
critical
9.0
2020-11-18 CVE-2020-28581 OS Command Injection vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5
A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges.
network
low complexity
trendmicro CWE-78
critical
9.0
2017-09-22 CVE-2017-11396 Unspecified vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5
Vulnerability issues with the web service inspection of input parameters in Trend Micro Web Security Virtual Appliance 6.5 may allow potential attackers who already have administration rights to the console to implement remote code injections.
network
low complexity
trendmicro
critical
9.0
2017-02-21 CVE-2016-9269 Permissions, Privileges, and Access Controls vulnerability in Trendmicro Interscan web Security Virtual Appliance
Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to run arbitrary commands on the system as root via Patch Update functionality.
network
low complexity
trendmicro CWE-264
critical
9.0