NVD - Results

Sort results by:

Search Results (Refine Search)

Search Parameters:

Results Type: Overview
Keyword (text search): cpe:2.3:a:trendmicro:interscan_messaging_security_virtual_appliance:9.0:*:*:*:*:*:*:*
CPE Name Search: true

There are 10 matching records.

Displaying matches 1 through 10.

Vuln ID	Summary	CVSS Severity
CVE-2020-27694	Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 has updated a specific critical library that may vulnerable to attack. Published: November 09, 2020; 6:15:12 PM -0500	V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.5 MEDIUM
CVE-2020-27693	Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 stores administrative passwords using a hash that is considered outdated. Published: November 09, 2020; 6:15:12 PM -0500	V4.0:(not available) V3.1: 4.4 MEDIUM V2.0: 2.1 LOW
CVE-2020-27019	Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an information disclosure vulnerability which could allow an attacker to access a specific database and key. Published: November 09, 2020; 6:15:12 PM -0500	V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 2.1 LOW
CVE-2020-27018	Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a server side request forgery vulnerability which could allow an authenticated attacker to abuse the product's web server and grant access to web resources or parts of local files. An attacker must already have obtained authenticated privileges on the product to exploit this vulnerability. Published: November 09, 2020; 6:15:12 PM -0500	V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 2.1 LOW
CVE-2020-27017	Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an XML External Entity Processing (XXE) vulnerability which could allow an authenticated administrator to read arbitrary local files. An attacker must already have obtained product administrator/root privileges to exploit this vulnerability. Published: November 09, 2020; 6:15:12 PM -0500	V4.0:(not available) V3.1: 4.9 MEDIUM V2.0: 4.0 MEDIUM
CVE-2020-27016	Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a cross-site request forgery (CSRF) vulnerability which could allow an attacker to modify policy rules by tricking an authenticated administrator into accessing an attacker-controlled web page. An attacker must already have obtained product administrator/root privileges to exploit this vulnerability. Published: November 09, 2020; 6:15:12 PM -0500	V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM
CVE-2018-3609	A vulnerability in the Trend Micro InterScan Messaging Security Virtual Appliance 9.0 and 9.1 management portal could allow an unauthenticated user to access sensitive information in a particular log file that could be used to bypass authentication on vulnerable installations. Published: February 16, 2018; 5:29:00 PM -0500	V4.0:(not available) V3.0: 8.1 HIGH V2.0: 4.3 MEDIUM
CVE-2017-11392	Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the "T" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4745. Published: August 03, 2017; 11:29:00 AM -0400	V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM
CVE-2017-11391	Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the "t" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4744. Published: August 03, 2017; 11:29:00 AM -0400	V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM
CVE-2017-7896	Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 before CP 1644 has XSS. Published: April 18, 2017; 11:59:00 AM -0400	V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM