Trendmicro Interscan Web Security Virtual Appliance — known CVE vulnerabilities
Every CVE whose affected-product data names Trendmicro Interscan Web Security Virtual Appliance, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (29)
CVE-2016-9269 — CVSS 9.9 (critical): Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSVA)…
CVE-2020-8466 — CVSS 9.8 (critical): A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing…
CVE-2020-8606 — CVSS 9.8 (critical): A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to bypass authentication on affected…
CVE-2020-28578 — CVSS 9.8 (critical): A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a…
CVE-2020-8465 — CVSS 9.8 (critical): A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updates using…
CVE-2016-9315 — CVSS 8.8 (high): Privilege Escalation Vulnerability in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual…
CVE-2019-9490 — CVSS 8.8 (high): A vulnerability in Trend Micro InterScan Web Security Virtual Appliance version 6.5 SP2 could allow an non-authorized user to disclose…
CVE-2020-28579 — CVSS 8.8 (high): A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send a…
CVE-2020-8461 — CVSS 8.8 (high): A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to get a…
CVE-2020-8605 — CVSS 8.8 (high): A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to execute arbitrary code on…
CVE-2016-9314 — CVSS 7.8 (high): Sensitive Information Disclosure in com.trend.iwss.gui.servlet.ConfigBackup in Trend Micro InterScan Web Security Virtual Appliance (IWSVA)…
CVE-2020-8463 — CVSS 7.5 (high): A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to bypass a global authorization…
CVE-2020-8464 — CVSS 7.5 (high): A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to…
CVE-2020-8604 — CVSS 7.5 (high): A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to disclose sensitive informatoin on…
CVE-2020-28580 — CVSS 7.2 (high): A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an…
CVE-2020-28581 — CVSS 7.2 (high): A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an…
CVE-2017-11396 — CVSS 7.2 (high): Vulnerability issues with the web service inspection of input parameters in Trend Micro Web Security Virtual Appliance 6.5 may allow…
CVE-2017-6338 — CVSS 6.5 (medium): Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 allow an authenticated…
CVE-2017-6339 — CVSS 6.5 (medium): Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 mismanages certain key and certificate data. Per IWSVA…
CVE-2020-8603 — CVSS 6.1 (medium): A cross-site scripting vulnerability (XSS) in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow a remote attacker to…
CVE-2021-25252 — CVSS 5.5 (medium): Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may…
CVE-2024-36359 — CVSS 5.4 (medium): A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 could allow an attacker to…
CVE-2016-9316 — CVSS 5.4 (medium): Multiple stored Cross-Site-Scripting (XSS) vulnerabilities in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro…
CVE-2017-6340 — CVSS 5.4 (medium): Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 does not sanitize a rest/commonlog/report/template name…
CVE-2021-31521 — CVSS 5.4 (medium): Trend Micro InterScan Web Security Virtual Appliance version 6.5 was found to have a reflected cross-site scripting (XSS) vulnerability in…
CVE-2020-27010 — CVSS 4.8 (medium): A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to…
CVE-2020-8462 — CVSS 4.8 (medium): A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to…
CVE-2009-0612 — CVSS 4.3 (medium): Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 3.x and InterScan Web Security Suite (IWSS) 3.x, when basic authorization is…
CVE-2014-8510 — CVSS 4.0 (medium): The AdminUI in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) before 6.0 HF build 1244 allows remote authenticated users to…