Published: 05/04/2017 Updated: 03/10/2019

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 405

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

Subscribe to Interscan Web Security Virtual Appliance

Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or 'Auditor' to change FTP Access Control Settings, create or modify reports, or upload an HTTPS Decryption Certificate and Private Key.

Vulnerable Product	Search on Vulmon	Subscribe to Product
trendmicro interscan web security virtual appliance

# Exploit Title: [Trend Micro Interscan Web Security Virtual Appliance (IWSVA) 65x Multiple Vulnerabilities] # Date: [12/01/2017] # Exploit Author: [SlidingWindow] , Twitter: @Kapil_Khot # Vendor Homepage: [wwwtrendmicrocom/us/enterprise/network-security/interscan-web-security/virtual-appliance/] # Version: [Tested on IWSVA 65-SP2 Crit ...

Trend Micro Interscan Web Security Virtual Appliance (IWSVA) version 65 SP2 suffers from faulty access controls, stored cross site scripting, and information disclosure vulnerabilities ...

CWE-732 https://www.qualys.com/2017/01/12/qsa-2017-01-12/qsa-2017-01-12.pdf https://success.trendmicro.com/solution/1116960 http://www.securityfocus.com/bid/97482 https://nvd.nist.gov https://www.exploit-db.com/exploits/42013/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2017-6338

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect