TrendMicro Interscan Web Security Virtual Appliance

Trend Micro InterScan Web Security Virtual Appliance version 6.5 was found to have a reflected cross-site scripting (XSS) vulnerability in the product's Captive Portal.

CVE-2021-31521 5.4 - Medium - June 17, 2021

Trend Micro InterScan Web Security Virtual Appliance version 6.5 was found to have a reflected cross-site scripting (XSS) vulnerability in the product's Captive Portal.

XSS

Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability

CVE-2021-25252 5.5 - Medium - March 03, 2021

Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file.

Resource Exhaustion

A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could

CVE-2020-8461 8.8 - High - December 17, 2020

A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to get a victim's browser to send a specifically encoded request without requiring a valid CSRF token.

Session Riding

A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could

CVE-2020-8462 4.8 - Medium - December 17, 2020

A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product.

XSS

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could

CVE-2020-8463 7.5 - High - December 17, 2020

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to bypass a global authorization check for anonymous users by manipulating request paths.

AuthZ

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests

CVE-2020-8464 7.5 - High - December 17, 2020

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product's admin interface to users who would not normally have access.

XSPA

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could

CVE-2020-8465 9.8 - Critical - December 17, 2020

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updates using a combination of CSRF bypass (CVE-2020-8461) and authentication bypass (CVE-2020-8464) to execute code as user root.

authentification

A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could

CVE-2020-8466 9.8 - Critical - December 17, 2020

A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to execute certain commands by providing a manipulated password.

Command Injection

A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could

CVE-2020-27010 4.8 - Medium - December 17, 2020

A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product in a manner separate from the similar CVE-2020-8462.

XSS

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could

CVE-2020-28578 9.8 - Critical - November 18, 2020

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges.

Memory Corruption

A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could

CVE-2020-28581 7.2 - High - November 18, 2020

A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges.

Shell injection

A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could

CVE-2020-28580 7.2 - High - November 18, 2020

A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges.

Shell injection

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could

CVE-2020-28579 8.8 - High - November 18, 2020

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges.

Memory Corruption

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may

CVE-2020-8604 7.5 - High - May 27, 2020

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to disclose sensitive informatoin on affected installations.

Directory traversal

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may

CVE-2020-8606 9.8 - Critical - May 27, 2020

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to bypass authentication on affected installations of Trend Micro InterScan Web Security Virtual Appliance.

authentification

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may

CVE-2020-8605 8.8 - High - May 27, 2020

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to execute arbitrary code on affected installations. Authentication is required to exploit this vulnerability.

Shell injection

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance version 6.5 SP2 could

CVE-2019-9490 8.8 - High - April 05, 2019

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance version 6.5 SP2 could allow an non-authorized user to disclose administrative credentials. An attacker must be an authenticated user in order to exploit the vulnerability.

Vulnerability issues with the web service inspection of input parameters in Trend Micro Web Security Virtual Appliance 6.5 may

CVE-2017-11396 7.2 - High - September 22, 2017

Vulnerability issues with the web service inspection of input parameters in Trend Micro Web Security Virtual Appliance 6.5 may allow potential attackers who already have administration rights to the console to implement remote code injections.