Vulnerabilities > Trendmicro

DATE CVE VULNERABILITY TITLE RISK
2017-04-28 CVE-2016-8586 Permissions, Privileges, and Access Controls vulnerability in Trendmicro Threat Discovery Appliance 2.6.1062
detected_potential_files.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
network
low complexity
trendmicro CWE-264
8.8
8.8
2017-04-28 CVE-2016-8585 Permissions, Privileges, and Access Controls vulnerability in Trendmicro Threat Discovery Appliance 2.6.1062
admin_sys_time.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the timezone parameter.
network
low complexity
trendmicro CWE-264
8.8
8.8
2017-04-28 CVE-2016-8584 Improper Access Control vulnerability in Trendmicro Threat Discovery Appliance 2.6.1062
Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier uses predictable session values, which allows remote attackers to bypass authentication by guessing the value.
network
low complexity
trendmicro CWE-284
critical
 9.8
9.8
2017-04-18 CVE-2017-7896 Cross-site Scripting vulnerability in Trendmicro Interscan Messaging Security Virtual Appliance 8.5.1.1516/9.0/9.1
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 before CP 1644 has XSS.
network
low complexity
trendmicro CWE-79
6.1
6.1
2017-04-12 CVE-2016-7552 Path Traversal vulnerability in Trendmicro Threat Discovery Appliance 2.6.1062
On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root.
network
low complexity
trendmicro CWE-22
critical
 9.8
9.8
2017-04-12 CVE-2016-7547 7PK - Time and State vulnerability in Trendmicro Threat Discovery Appliance 2.6.1062
A command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone parameter in the admin_sys_time.cgi interface.
network
low complexity
trendmicro CWE-361
critical
 9.8
9.8
2017-04-05 CVE-2017-6340 Cross-site Scripting vulnerability in Trendmicro Interscan web Security Virtual Appliance
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 does not sanitize a rest/commonlog/report/template name field, which allows a 'Reports Only' user to inject malicious JavaScript while creating a new report.
network
low complexity
trendmicro CWE-79
5.4
5.4
2017-04-05 CVE-2017-6339 Weak Password Requirements vulnerability in Trendmicro Interscan web Security Virtual Appliance
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 mismanages certain key and certificate data.
network
low complexity
trendmicro CWE-521
6.5
6.5
2017-04-05 CVE-2017-6338 Incorrect Permission Assignment for Critical Resource vulnerability in Trendmicro Interscan web Security Virtual Appliance
Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or 'Auditor' to change FTP Access Control Settings, create or modify reports, or upload an HTTPS Decryption Certificate and Private Key.
network
low complexity
trendmicro CWE-732
6.5
6.5
2017-03-31 CVE-2016-9319 Improper Certificate Validation vulnerability in Trendmicro Mobile Security 9.7
There is Missing SSL Certificate Validation in the Trend Micro Enterprise Mobile Security Android Application before 9.7.1193, aka VRTS-398.
network
high complexity
trendmicro CWE-295
5.9
5.9