Skip to main content

Interscan Web Security Virtual Appliance

28 CVEs product

Monthly

CVE-2024-36359 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 could allow an attacker to escalate privileges on affected installations. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Trend Micro Interscan Web Security Virtual Appliance
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2021-31521 MEDIUM PATCH This Month

Trend Micro InterScan Web Security Virtual Appliance version 6.5 was found to have a reflected cross-site scripting (XSS) vulnerability in the product's Captive Portal. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Trend Micro Interscan Web Security Virtual Appliance
NVD
CVSS 3.1
5.4
EPSS
1.4%
CVE-2021-25252 MEDIUM PATCH This Month

Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Trend Micro Apex Central Apex One Cloud Edge +16
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2020-8466 CRITICAL POC THREAT Act Now

A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Command Injection Interscan Web Security Virtual Appliance
NVD
CVSS 3.1
9.8
EPSS
63.7%
CVE-2020-8465 CRITICAL POC Act Now

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updates using a combination of CSRF bypass (CVE-2020-8461) and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro CSRF Authentication Bypass Interscan Web Security Virtual Appliance
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-8464 HIGH POC This Week

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product's admin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro SSRF Interscan Web Security Virtual Appliance
NVD
CVSS 3.1
7.5
EPSS
6.3%
CVE-2020-8463 HIGH POC This Week

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to bypass a global authorization check for anonymous users by manipulating request paths. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Path Traversal Interscan Web Security Virtual Appliance
NVD
CVSS 3.1
7.5
EPSS
5.9%
CVE-2020-8462 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Trend Micro Interscan Web Security Virtual Appliance
NVD
CVSS 3.1
4.8
EPSS
1.1%
CVE-2020-8461 HIGH POC This Week

A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to get a victim's browser to send a specifically encoded request without. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro CSRF Interscan Web Security Virtual Appliance
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-27010 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product in a manner separate. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Trend Micro Interscan Web Security Virtual Appliance
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2020-28581 HIGH POC THREAT This Week

A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Command Injection Interscan Web Security Virtual Appliance
NVD
CVSS 3.1
7.2
EPSS
44.5%
CVE-2020-28580 HIGH POC THREAT This Week

A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Command Injection Interscan Web Security Virtual Appliance
NVD
CVSS 3.1
7.2
EPSS
44.5%
CVE-2020-28579 HIGH POC THREAT This Week

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send a specially crafted HTTP message and achieve remote code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Trend Micro Memory Corruption Interscan Web Security Virtual Appliance
NVD
CVSS 3.1
8.8
EPSS
49.3%
CVE-2020-28578 CRITICAL POC THREAT Act Now

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Trend Micro Memory Corruption Interscan Web Security Virtual Appliance
NVD
CVSS 3.1
9.8
EPSS
72.3%
CVE-2020-8606 CRITICAL POC PATCH THREAT Act Now

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to bypass authentication on affected installations of Trend Micro InterScan Web Security Virtual. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Trend Micro Authentication Bypass Interscan Web Security Virtual Appliance
NVD
CVSS 3.1
9.8
EPSS
72.7%
CVE-2020-8605 HIGH POC PATCH THREAT Act Now

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to execute arbitrary code on affected installations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Trend Micro Command Injection Interscan Web Security Virtual Appliance
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
87.6%
CVE-2020-8604 HIGH POC PATCH THREAT Act Now

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to disclose sensitive informatoin on affected installations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Trend Micro Path Traversal Interscan Web Security Virtual Appliance
NVD
CVSS 3.1
7.5
EPSS
89.7%
CVE-2020-8603 MEDIUM PATCH This Month

A cross-site scripting vulnerability (XSS) in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow a remote attacker to tamper with the web interface of affected installations. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Trend Micro Interscan Web Security Virtual Appliance
NVD
CVSS 3.1
6.1
EPSS
2.0%
CVE-2019-9490 HIGH This Week

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance version 6.5 SP2 could allow an non-authorized user to disclose administrative credentials. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Interscan Web Security Virtual Appliance
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2017-11396 HIGH PATCH This Week

Vulnerability issues with the web service inspection of input parameters in Trend Micro Web Security Virtual Appliance 6.5 may allow potential attackers who already have administration rights to the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Trend Micro Interscan Web Security Virtual Appliance
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2017-6340 MEDIUM POC PATCH This Month

Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 does not sanitize a rest/commonlog/report/template name field, which allows a 'Reports Only' user to inject malicious. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Trend Micro Interscan Web Security Virtual Appliance
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-6339 MEDIUM POC PATCH This Month

Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 mismanages certain key and certificate data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Trend Micro Privilege Escalation Interscan Web Security Virtual Appliance
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
2.7%
CVE-2017-6338 MEDIUM POC PATCH This Month

Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Trend Micro Information Disclosure Interscan Web Security Virtual Appliance
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
1.0%
CVE-2016-9316 MEDIUM POC PATCH This Month

Multiple stored Cross-Site-Scripting (XSS) vulnerabilities in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Trend Micro Interscan Web Security Virtual Appliance
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
0.6%
CVE-2016-9315 HIGH POC This Week

Privilege Escalation Vulnerability in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Privilege Escalation Interscan Web Security Virtual Appliance
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
5.9%
CVE-2016-9314 HIGH POC PATCH This Week

Sensitive Information Disclosure in com.trend.iwss.gui.servlet.ConfigBackup in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Trend Micro Information Disclosure Interscan Web Security Virtual Appliance
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.5%
CVE-2016-9269 CRITICAL POC PATCH Act Now

Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated,. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Trend Micro Privilege Escalation Interscan Web Security Virtual Appliance
NVD Exploit-DB
CVSS 3.0
9.9
EPSS
6.8%
CVE-2014-8510 MEDIUM This Month

The AdminUI in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) before 6.0 HF build 1244 allows remote authenticated users to read arbitrary files via vectors related to configuration. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Interscan Web Security Virtual Appliance
NVD
CVSS 2.0
4.0
EPSS
0.2%
EPSS 0% CVSS 5.4
MEDIUM This Month

A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 could allow an attacker to escalate privileges on affected installations. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Trend Micro Interscan Web Security Virtual Appliance
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Trend Micro InterScan Web Security Virtual Appliance version 6.5 was found to have a reflected cross-site scripting (XSS) vulnerability in the product's Captive Portal. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Trend Micro Interscan Web Security Virtual Appliance
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Trend Micro Apex Central +18
NVD
EPSS 64% CVSS 9.8
CRITICAL POC THREAT Act Now

A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Command Injection Interscan Web Security Virtual Appliance
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updates using a combination of CSRF bypass (CVE-2020-8461) and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro CSRF Authentication Bypass +1
NVD
EPSS 6% CVSS 7.5
HIGH POC This Week

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product's admin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro SSRF Interscan Web Security Virtual Appliance
NVD
EPSS 6% CVSS 7.5
HIGH POC This Week

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to bypass a global authorization check for anonymous users by manipulating request paths. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Path Traversal Interscan Web Security Virtual Appliance
NVD
EPSS 1% CVSS 4.8
MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Trend Micro Interscan Web Security Virtual Appliance
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to get a victim's browser to send a specifically encoded request without. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro CSRF Interscan Web Security Virtual Appliance
NVD
EPSS 1% CVSS 4.8
MEDIUM This Month

A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product in a manner separate. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Trend Micro Interscan Web Security Virtual Appliance
NVD
EPSS 45% CVSS 7.2
HIGH POC THREAT This Week

A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Command Injection Interscan Web Security Virtual Appliance
NVD
EPSS 45% CVSS 7.2
HIGH POC THREAT This Week

A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Command Injection Interscan Web Security Virtual Appliance
NVD
EPSS 49% CVSS 8.8
HIGH POC THREAT This Week

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send a specially crafted HTTP message and achieve remote code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Trend Micro +2
NVD
EPSS 72% CVSS 9.8
CRITICAL POC THREAT Act Now

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Trend Micro +2
NVD
EPSS 73% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to bypass authentication on affected installations of Trend Micro InterScan Web Security Virtual. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Trend Micro Authentication Bypass Interscan Web Security Virtual Appliance
NVD
EPSS 88% CVSS 8.8
HIGH POC PATCH THREAT Act Now

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to execute arbitrary code on affected installations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Trend Micro Command Injection +1
NVD Exploit-DB
EPSS 90% CVSS 7.5
HIGH POC PATCH THREAT Act Now

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to disclose sensitive informatoin on affected installations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Trend Micro Path Traversal Interscan Web Security Virtual Appliance
NVD
EPSS 2% CVSS 6.1
MEDIUM PATCH This Month

A cross-site scripting vulnerability (XSS) in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow a remote attacker to tamper with the web interface of affected installations. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Trend Micro Interscan Web Security Virtual Appliance
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance version 6.5 SP2 could allow an non-authorized user to disclose administrative credentials. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Interscan Web Security Virtual Appliance
NVD
EPSS 1% CVSS 7.2
HIGH PATCH This Week

Vulnerability issues with the web service inspection of input parameters in Trend Micro Web Security Virtual Appliance 6.5 may allow potential attackers who already have administration rights to the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Trend Micro Interscan Web Security Virtual Appliance
NVD
EPSS 0% CVSS 5.4
MEDIUM POC PATCH This Month

Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 does not sanitize a rest/commonlog/report/template name field, which allows a 'Reports Only' user to inject malicious. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Trend Micro Interscan Web Security Virtual Appliance
NVD Exploit-DB
EPSS 3% CVSS 6.5
MEDIUM POC PATCH This Month

Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 mismanages certain key and certificate data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Trend Micro Privilege Escalation Interscan Web Security Virtual Appliance
NVD Exploit-DB
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Trend Micro Information Disclosure Interscan Web Security Virtual Appliance
NVD Exploit-DB
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Multiple stored Cross-Site-Scripting (XSS) vulnerabilities in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Trend Micro Interscan Web Security Virtual Appliance
NVD Exploit-DB
EPSS 6% CVSS 8.8
HIGH POC This Week

Privilege Escalation Vulnerability in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Privilege Escalation Interscan Web Security Virtual Appliance
NVD Exploit-DB
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Sensitive Information Disclosure in com.trend.iwss.gui.servlet.ConfigBackup in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Trend Micro Information Disclosure Interscan Web Security Virtual Appliance
NVD Exploit-DB
EPSS 7% CVSS 9.9
CRITICAL POC PATCH Act Now

Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated,. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Trend Micro Privilege Escalation Interscan Web Security Virtual Appliance
NVD Exploit-DB
EPSS 0% CVSS 4.0
MEDIUM This Month

The AdminUI in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) before 6.0 HF build 1244 allows remote authenticated users to read arbitrary files via vectors related to configuration. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Interscan Web Security Virtual Appliance
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy