CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-28580

A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.754

EPSS Ranking 98.8%

CVSS Severity

CVSS v3 Score 7.2

CVSS v2 Score 9.0

References

https://success.trendmicro.com/solution/000281954
https://www.tenable.com/security/research/tra-2020-63
https://success.trendmicro.com/solution/000281954
https://www.tenable.com/security/research/tra-2020-63

Products affected by CVE-2020-28580

Trendmicro » Interscan Web Security Virtual Appliance » Version: 6.5

cpe:2.3:a:trendmicro:interscan_web_security_virtual_appliance:6.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-28580

Products

Pricing

Contact Us