Published: 21/02/2017 Updated: 25/07/2017

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 405

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Subscribe to Interscan Web Security Virtual Appliance

Privilege Escalation Vulnerability in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and previous versions allows authenticated, remote users with least privileges to change Master Admin's password and/or add new admin accounts. This was resolved in Version 6.5 CP 1737.

Vulnerable Product	Search on Vulmon	Subscribe to Product
trendmicro interscan web security virtual appliance

# Exploit Title: [Trend Micro Interscan Web Security Virtual Appliance (IWSVA) 65x Multiple Vulnerabilities] # Date: [28/11/2016] # Exploit Author: [SlidingWindow] , Twitter: @Kapil_Khot # Vendor Homepage: [wwwtrendmicrocom/us/enterprise/network-security/interscan-web-security/virtual-appliance/] # Version: [Tested on IWSVA version 65- ...

CWE-264 https://success.trendmicro.com/solution/1116672 http://www.securityfocus.com/bid/96252 http://www.securitytracker.com/id/1037849 https://nvd.nist.gov https://www.exploit-db.com/exploits/41361/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2016-9315

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect