Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 Patch 1

CPE Details

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 Patch 1
trendmicro
interscan_messaging_security_virtual_appliance
9.1
2020-08-20
10h14 +00:00
2020-08-20
10h14 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:trendmicro:interscan_messaging_security_virtual_appliance:9.1:patch1:*:*:*:*:*:*

Informations

Vendor

trendmicro

Product

interscan_messaging_security_virtual_appliance

Version

9.1

Update

patch1

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2020-27019 2020-11-09 22h10 +00:00 Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an information disclosure vulnerability which could allow an attacker to access a specific database and key.
5.5
Moyen
CVE-2020-27693 2020-11-09 22h10 +00:00 Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 stores administrative passwords using a hash that is considered outdated.
4.4
Moyen
CVE-2020-27694 2020-11-09 22h10 +00:00 Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 has updated a specific critical library that may vulnerable to attack.
8.8
Haute
CVE-2020-27017 2020-11-09 22h10 +00:00 Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an XML External Entity Processing (XXE) vulnerability which could allow an authenticated administrator to read arbitrary local files. An attacker must already have obtained product administrator/root privileges to exploit this vulnerability.
4.9
Moyen
CVE-2020-27018 2020-11-09 22h10 +00:00 Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a server side request forgery vulnerability which could allow an authenticated attacker to abuse the product's web server and grant access to web resources or parts of local files. An attacker must already have obtained authenticated privileges on the product to exploit this vulnerability.
5.5
Moyen
CVE-2020-27016 2020-11-09 22h10 +00:00 Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a cross-site request forgery (CSRF) vulnerability which could allow an attacker to modify policy rules by tricking an authenticated administrator into accessing an attacker-controlled web page. An attacker must already have obtained product administrator/root privileges to exploit this vulnerability.
8.8
Haute
CVE-2018-3609 2018-02-16 21h00 +00:00 A vulnerability in the Trend Micro InterScan Messaging Security Virtual Appliance 9.0 and 9.1 management portal could allow an unauthenticated user to access sensitive information in a particular log file that could be used to bypass authentication on vulnerable installations.
8.1
Haute
CVE-2017-11391 2017-08-03 15h00 +00:00 Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the "t" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4744.
8.8
Haute
CVE-2017-11392 2017-08-03 15h00 +00:00 Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the "T" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4745.
8.8
Haute
CVE-2017-7896 2017-04-18 13h00 +00:00 Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 before CP 1644 has XSS.
6.1
Moyen