Vulnerabilities > Trendmicro > Interscan WEB Security Virtual Appliance > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-12-17 | CVE-2020-8464 | Server-Side Request Forgery (SSRF) vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5 A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product's admin interface to users who would not normally have access. | 7.5 |
2020-12-17 | CVE-2020-8463 | Path Traversal vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5 A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to bypass a global authorization check for anonymous users by manipulating request paths. | 7.5 |
2020-12-17 | CVE-2020-8461 | Cross-Site Request Forgery (CSRF) vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5 A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to get a victim's browser to send a specifically encoded request without requiring a valid CSRF token. | 8.8 |
2020-11-18 | CVE-2020-28581 | OS Command Injection vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5 A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges. | 7.2 |
2020-11-18 | CVE-2020-28580 | OS Command Injection vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5 A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges. | 7.2 |
2020-11-18 | CVE-2020-28579 | Out-of-bounds Write vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5 A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges. | 8.8 |
2020-05-27 | CVE-2020-8605 | OS Command Injection vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5 A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to execute arbitrary code on affected installations. | 8.8 |
2020-05-27 | CVE-2020-8604 | Path Traversal vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5 A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to disclose sensitive informatoin on affected installations. | 7.5 |
2019-04-05 | CVE-2019-9490 | Unspecified vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5 A vulnerability in Trend Micro InterScan Web Security Virtual Appliance version 6.5 SP2 could allow an non-authorized user to disclose administrative credentials. | 8.8 |
2017-09-22 | CVE-2017-11396 | Unspecified vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5 Vulnerability issues with the web service inspection of input parameters in Trend Micro Web Security Virtual Appliance 6.5 may allow potential attackers who already have administration rights to the console to implement remote code injections. | 7.2 |