Vulnerabilities > Trendmicro > Interscan WEB Security Virtual Appliance > High

DATE	CVE	VULNERABILITY TITLE	RISK
2017-02-21	CVE-2016-9315	Permissions, Privileges, and Access Controls vulnerability in Trendmicro Interscan web Security Virtual Appliance Privilege Escalation Vulnerability in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to change Master Admin's password and/or add new admin accounts. network low complexity trendmicro CWE-264	8.8
2017-02-21	CVE-2016-9314	Information Exposure vulnerability in Trendmicro Interscan web Security Virtual Appliance Sensitive Information Disclosure in com.trend.iwss.gui.servlet.ConfigBackup in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to backup the system configuration and download it onto their local machine. local low complexity trendmicro CWE-200	7.8

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.