6.8
CVSSv2

CVE-2020-27016

Published: 09/11/2020 Updated: 24/11/2020
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a cross-site request forgery (CSRF) vulnerability which could allow an malicious user to modify policy rules by tricking an authenticated administrator into accessing an attacker-controlled web page. An attacker must already have obtained product administrator/root privileges to exploit this vulnerability.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

trendmicro interscan_messaging_security_virtual_appliance

Mailing Lists

SEC Consult Vulnerability Lab Security Advisory < 20201104-0 > ======================================================================= title: Multiple Vulnerabilities product: Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) vulnerable version: < 910 Critical Patch Build 2025 fixed versi ...
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) versions prior to 910 Critical Patch Build 2025 suffer from XML injection, over-privileged access, cross site request forgery, file disclosure, server-side request forgery, information leakage, and various other vulnerabilities ...