cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2020-27019,https://securityvulnerability.io/vulnerability/CVE-2020-27019,Information Disclosure Flaw in Trend Micro InterScan Messaging Security Virtual Appliance,"The Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) version 9.1 is susceptible to an information disclosure vulnerability. This flaw allows attackers to potentially retrieve sensitive database information and cryptographic keys, which could lead to unauthorized access to confidential data. Organizations using this product should assess their systems to mitigate the risks associated with this vulnerability.",Trend Micro,Trend Micro Interscan Messaging Security Virtual Appliance (imsva),5.5,MEDIUM,0.0030799999367445707,false,,false,false,false,,,false,false,,2020-11-09T23:10:35.000Z,0
CVE-2020-27694,https://securityvulnerability.io/vulnerability/CVE-2020-27694,Library Vulnerability in Trend Micro InterScan Messaging Security Virtual Appliance,"The Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) version 9.1 has a vulnerability due to an outdated critical library. This flaw may allow attackers to exploit the system, potentially compromising the security of email communications processed by the appliance. Ensuring the library is updated and patched is essential for maintaining the integrity and security of the messaging environment.",Trend Micro,Trend Micro Interscan Messaging Security Virtual Appliance (imsva),8.8,HIGH,0.0018100000452250242,false,,false,false,false,,,false,false,,2020-11-09T23:10:35.000Z,0
CVE-2020-27693,https://securityvulnerability.io/vulnerability/CVE-2020-27693,Outdated Password Hashing in Trend Micro Messaging Security Appliance,"The Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 contains a vulnerability where administrative passwords are stored using outdated hashing algorithms. This practice can expose sensitive credentials and increase the risk of unauthorized access, potentially leading to severe security breaches. Organizations utilizing this appliance should take immediate action to update their security practices and ensure stronger password management.",Trend Micro,Trend Micro Interscan Messaging Security Virtual Appliance (imsva),4.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2020-11-09T23:10:35.000Z,0
CVE-2020-27018,https://securityvulnerability.io/vulnerability/CVE-2020-27018,Server Side Request Forgery in Trend Micro InterScan Messaging Security Virtual Appliance,"The Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) version 9.1 is susceptible to a server side request forgery vulnerability. This issue allows an authenticated attacker, who has already gained valid credentials, to manipulate the product's web server. Exploiting this vulnerability could provide the attacker with unauthorized access to web resources or sensitive local file components, thereby posing a significant security risk.",Trend Micro,Trend Micro Interscan Messaging Security Virtual Appliance (imsva),5.5,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2020-11-09T23:10:34.000Z,0
CVE-2020-27017,https://securityvulnerability.io/vulnerability/CVE-2020-27017,XML External Entity Processing Vulnerability in Trend Micro InterScan Messaging Security,"The Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) version 9.1 is susceptible to an XML External Entity Processing (XXE) vulnerability. This flaw permits an authenticated administrator with root privileges to access and read arbitrary local files, potentially exposing sensitive data. The exploitation requires that the attacker has already gained administrative access, highlighting the importance of securing login credentials and maintaining rigorous access controls.",Trend Micro,Trend Micro Interscan Messaging Security Virtual Appliance (imsva),4.9,MEDIUM,0.0013500000350177288,false,,false,false,false,,,false,false,,2020-11-09T23:10:34.000Z,0
CVE-2020-27016,https://securityvulnerability.io/vulnerability/CVE-2020-27016,Cross-Site Request Forgery in Trend Micro InterScan Messaging Security Virtual Appliance,"The Trend Micro InterScan Messaging Security Virtual Appliance version 9.1 is susceptible to a cross-site request forgery (CSRF) that enables an attacker to manipulate policy rules. This is accomplished by deceiving an authenticated administrator into interacting with a malicious webpage controlled by the attacker. To exploit this vulnerability, the attacker must first have gained administrative root privileges on the affected system.",Trend Micro,Trend Micro Interscan Messaging Security Virtual Appliance (imsva),8.8,HIGH,0.0035699999425560236,false,,false,false,false,,,false,false,,2020-11-09T23:10:33.000Z,0
CVE-2018-3609,https://securityvulnerability.io/vulnerability/CVE-2018-3609,,A vulnerability in the Trend Micro InterScan Messaging Security Virtual Appliance 9.0 and 9.1 management portal could allow an unauthenticated user to access sensitive information in a particular log file that could be used to bypass authentication on vulnerable installations.,Trend Micro,Trend Micro Interscan Messaging Security Virtual Appliance,8.1,HIGH,0.009999999776482582,false,,false,false,false,,,false,false,,2018-02-16T22:00:00.000Z,0
CVE-2017-11392,https://securityvulnerability.io/vulnerability/CVE-2017-11392,,"Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the ""T"" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4745.",Trend Micro,Trend Micro Interscan Messaging Security Virtual Appliance,8.8,HIGH,0.11351999640464783,false,,false,false,false,,,false,false,,2017-08-03T15:29:00.000Z,0
CVE-2017-11391,https://securityvulnerability.io/vulnerability/CVE-2017-11391,,"Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the ""t"" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4744.",Trend Micro,Trend Micro Interscan Messaging Security Virtual Appliance,8.8,HIGH,0.06768999993801117,false,,false,false,false,,,false,false,,2017-08-03T15:29:00.000Z,0