Vulnerability Details CVE-2020-27016
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a cross-site request forgery (CSRF) vulnerability which could allow an attacker to modify policy rules by tricking an authenticated administrator into accessing an attacker-controlled web page. An attacker must already have obtained product administrator/root privileges to exploit this vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.6%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
References
- https://sec-consult.com/en/blog/advisories/vulnerabilities-in-trend-micro-interscan-messaging-security-virtual-appliance-imsva/
- https://success.trendmicro.com/solution/000279833
- https://sec-consult.com/en/blog/advisories/vulnerabilities-in-trend-micro-interscan-messaging-security-virtual-appliance-imsva/
- https://success.trendmicro.com/solution/000279833
Products affected by CVE-2020-27016
-
cpe:2.3:a:trendmicro:interscan_messaging_security_virtual_appliance:8.5.1.1516
-
cpe:2.3:a:trendmicro:interscan_messaging_security_virtual_appliance:9.0
-
cpe:2.3:a:trendmicro:interscan_messaging_security_virtual_appliance:9.1
-
cpe:2.3:o:microsoft:windows:-