CVEDB API

Vulnerabilities

Vulnerable Software

Trendmicro: >> Interscan Messaging Security Virtual Appliance Security Vulnerabilities

CVE-2017-7896

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 before CP 1644 has XSS.

CVSS Score

6.1

EPSS Score

0.004

Published

2017-04-18

CVE-2017-6398

An issue was discovered in Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1-1600. An authenticated user can execute a terminal command in the context of the web server user (which is root). Besides, the default installation of IMSVA comes with default administrator credentials. The saveCert.imss endpoint takes several user inputs and performs blacklisting. After that, it uses them as arguments to a predefined operating-system command without proper sanitization. However, because of an improper blacklisting rule, it's possible to inject arbitrary commands into it.

CVSS Score

8.8

EPSS Score

0.646

Published

2017-03-14

CVE-2014-3922

Cross-site scripting (XSS) vulnerability in Trend Micro InterScan Messaging Security Virtual Appliance 8.5.1.1516 allows remote authenticated users to inject arbitrary web script or HTML via the addWhiteListDomainStr parameter to addWhiteListDomain.imss.

CVSS Score

4.3

EPSS Score

0.011

Published

2014-05-30

Page 2

Vulnerabilities

Vulnerable Software

Trendmicro: >> Interscan Messaging Security Virtual Appliance Security Vulnerabilities

Products

Pricing

Contact Us