cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-36359,https://securityvulnerability.io/vulnerability/CVE-2024-36359,Potential Privilege Escalation Vulnerability in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5,"A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 could allow an attacker to escalate privileges on affected installations.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",Trend Micro,Trend Micro Interscan Web Security Virtual Appliance,5.4,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2024-06-10T22:15:00.000Z,0
CVE-2021-31521,https://securityvulnerability.io/vulnerability/CVE-2021-31521,Reflected Cross-Site Scripting Vulnerability in Trend Micro InterScan Web Security Virtual Appliance,"The InterScan Web Security Virtual Appliance version 6.5 from Trend Micro contains a reflected cross-site scripting (XSS) vulnerability within its Captive Portal feature. This security flaw could allow an attacker to inject arbitrary web applications into pages presented to users, potentially leading to unauthorized actions or exposure of sensitive information, thereby compromising the security of web interactions.",Trend Micro,"Trend Micro Interscan Web Security Virtual Appliance ",5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2021-06-17T11:42:50.000Z,0
CVE-2020-8466,https://securityvulnerability.io/vulnerability/CVE-2020-8466,Command Injection Flaw in Trend Micro's InterScan Web Security Virtual Appliance,"A command injection vulnerability has been identified in the Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, particularly with the enhanced password hashing feature enabled. This flaw could potentially allow an unauthenticated attacker to execute arbitrary commands on the system by supplying a crafted password. Security implications include the risk of exposure to unauthorized actions and data breaches, highlighting the need for timely patching and security measures.",Trend Micro,Trend Micro Interscan Web Security Virtual Appliance,9.8,CRITICAL,0.3960700035095215,false,,false,false,false,,,false,false,,2020-12-17T21:05:48.000Z,0
CVE-2020-8465,https://securityvulnerability.io/vulnerability/CVE-2020-8465,Authentication Bypass Vulnerability in Trend Micro InterScan Web Security Virtual Appliance,"A significant vulnerability has been identified in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, which allows attackers to exploit flaws related to CSRF and authentication bypass. By leveraging these vulnerabilities, an attacker could manipulate system updates and gain unauthorized access to execute code with root privileges. This could lead to severe security breaches, risking the integrity of the entire web security infrastructure.",Trend Micro,Trend Micro Interscan Web Security Virtual Appliance,9.8,CRITICAL,0.01372000016272068,false,,false,false,false,,,false,false,,2020-12-17T21:05:47.000Z,0
CVE-2020-8463,https://securityvulnerability.io/vulnerability/CVE-2020-8463,Authorization Bypass in Trend Micro InterScan Web Security Virtual Appliance,"A flaw in the Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 allows attackers to bypass global authorization checks meant for anonymous users. By manipulating request paths, an attacker can gain unauthorized access, compromising the security integrity of the web application's users and potential data. It's crucial for organizations using this product to implement immediate updates and monitoring to protect against possible exploits.",Trend Micro,Trend Micro Interscan Web Security Virtual Appliance,7.5,HIGH,0.0037700000684708357,false,,false,false,false,,,false,false,,2020-12-17T21:05:46.000Z,0
CVE-2020-8464,https://securityvulnerability.io/vulnerability/CVE-2020-8464,Localhost Request Vulnerability in Trend Micro InterScan Web Security Virtual Appliance,"A vulnerability exists in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 that enables attackers to craft requests mimicking those originating from the localhost. This flaw can potentially expose the product's admin interface to unauthorized users, facilitating access that shouldn’t typically be granted. It underscores the importance of monitoring and securing administrative access to prevent unauthorized exploitation.",Trend Micro,Trend Micro Interscan Web Security Virtual Appliance,7.5,HIGH,0.005009999964386225,false,,false,false,false,,,false,false,,2020-12-17T21:05:46.000Z,0
CVE-2020-8462,https://securityvulnerability.io/vulnerability/CVE-2020-8462,Cross-Site Scripting Vulnerability in Trend Micro InterScan Web Security Appliance,"A cross-site scripting vulnerability exists in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, potentially allowing attackers to manipulate the web interface. If exploited, this vulnerability could lead to unauthorized actions and data exposure, posing significant security risks for users. It is crucial for organizations to update their systems and implementstrong security measures to mitigate such risks.",Trend Micro,Trend Micro Interscan Web Security Virtual Appliance,4.8,MEDIUM,0.0007399999885819852,false,,false,false,false,,,false,false,,2020-12-17T21:05:45.000Z,0
CVE-2020-8461,https://securityvulnerability.io/vulnerability/CVE-2020-8461,CSRF Protection Bypass in Trend Micro InterScan Web Security Virtual Appliance,"A CSRF protection bypass vulnerability exists in Trend Micro's InterScan Web Security Virtual Appliance 6.5 SP2. This flaw allows attackers to exploit the mechanism of CSRF protections, enabling them to craft and send specially encoded requests through a victim's browser without needing a valid CSRF token. Such an exploit could lead to unauthorized commands being executed on behalf of the user who has been tricked into making the request, potentially compromising security and system integrity.",Trend Micro,Trend Micro Interscan Web Security Virtual Appliance,8.8,HIGH,0.00394000019878149,false,,false,false,false,,,false,false,,2020-12-17T21:05:45.000Z,0
CVE-2020-27010,https://securityvulnerability.io/vulnerability/CVE-2020-27010,Cross-Site Scripting Vulnerability in Trend Micro InterScan Web Security Appliance,"A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance version 6.5 SP2 may allow attackers to manipulate the web interface. This exploit could lead to unauthorized access or other malicious actions, highlighting the need for prompt updates and security measures.",Trend Micro,Trend Micro Interscan Web Security Virtual Appliance,4.8,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2020-12-17T21:05:44.000Z,0
CVE-2020-28581,https://securityvulnerability.io/vulnerability/CVE-2020-28581,Command Injection Vulnerability in Trend Micro InterScan Web Security Virtual Appliance,"A command injection vulnerability exists in the ModifyVLANItem function of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2. This issue allows an authenticated remote attacker to craft specific HTTP requests that can execute arbitrary OS commands with elevated privileges on the affected system. This vulnerability poses significant risks, as it can lead to unauthorized actions on behalf of the attacker, compromising system integrity and data security.",Trend Micro,Trend Micro Interscan Web Security Virtual Appliance,7.2,HIGH,0.00773000018671155,false,,false,false,false,,,false,false,,2020-11-18T18:45:41.000Z,0
CVE-2020-28579,https://securityvulnerability.io/vulnerability/CVE-2020-28579,Remote Code Execution Vulnerability in Trend Micro InterScan Web Security Virtual Appliance,"A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 permits an authenticated, remote attacker to exploit a specially crafted HTTP message. This could lead to remote code execution with elevated privileges, potentially compromising the integrity and confidentiality of data managed by the appliance.",Trend Micro,Trend Micro Interscan Web Security Virtual Appliance,8.8,HIGH,0.004559999797493219,false,,false,false,false,,,false,false,,2020-11-18T18:45:40.000Z,0
CVE-2020-28580,https://securityvulnerability.io/vulnerability/CVE-2020-28580,Command Injection Vulnerability in Trend Micro InterScan Web Security Virtual Appliance,"The command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 allows an authenticated remote attacker to exploit the system by sending specially crafted HTTP messages. This exploitation can lead to the execution of arbitrary OS commands with elevated privileges, potentially compromising the integrity and security of the affected systems. Organizations using this version should apply security updates promptly to mitigate the risk.",Trend Micro,Trend Micro Interscan Web Security Virtual Appliance,7.2,HIGH,0.00773000018671155,false,,false,false,false,,,false,false,,2020-11-18T18:45:40.000Z,0
CVE-2020-28578,https://securityvulnerability.io/vulnerability/CVE-2020-28578,Remote Code Execution Vulnerability in Trend Micro InterScan Web Security Virtual Appliance,"A vulnerability exists in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 that allows unauthenticated remote attackers to execute arbitrary code with elevated privileges. By sending a specially crafted HTTP message, these attackers can exploit the flaw, potentially compromising the security and integrity of systems utilizing this product.",Trend Micro,Trend Micro Interscan Web Security Virtual Appliance,9.8,CRITICAL,0.003980000037699938,false,,false,false,false,,,false,false,,2020-11-18T18:45:39.000Z,0
CVE-2020-8606,https://securityvulnerability.io/vulnerability/CVE-2020-8606,Authentication Bypass in Trend Micro Web Security Appliance,"A recognized vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 allows remote attackers to bypass authentication mechanisms, leading to unauthorized access to the web security functionalities. This loophole can compromise system integrity, enabling potential exploitation by malicious actors. Users of affected versions should prioritize immediate action to secure their installations.",Trend Micro,Trend Micro Interscan Web Security Virtual Appliance,9.8,CRITICAL,0.9706100225448608,false,,false,false,true,2020-06-14T17:33:46.000Z,true,false,false,,2020-05-27T23:15:00.000Z,0
CVE-2020-8605,https://securityvulnerability.io/vulnerability/CVE-2020-8605,Remote Code Execution Vulnerability in Trend Micro InterScan Web Security,"A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 could potentially allow remote attackers to execute arbitrary code on affected systems. While authentication is necessary to exploit this flaw, its presence poses a significant risk, emphasizing the importance of timely security updates and system integrity for organizations utilizing this product.",Trend Micro,Trend Micro Interscan Web Security Virtual Appliance,8.8,HIGH,0.8949499726295471,false,,false,false,true,2020-06-14T17:33:46.000Z,true,false,false,,2020-05-27T23:15:00.000Z,0
CVE-2020-8604,https://securityvulnerability.io/vulnerability/CVE-2020-8604,Remote Information Disclosure in Trend Micro InterScan Web Security Virtual Appliance,"A vulnerability in the Trend Micro InterScan Web Security Virtual Appliance version 6.5 permits remote attackers to potentially access sensitive information on affected installations. This vulnerability can be exploited by unauthorized users, leading to a risk of disclosing confidential data, which could compromise the system's integrity and confidentiality.",Trend Micro,Trend Micro Interscan Web Security Virtual Appliance,7.5,HIGH,0.9721699953079224,false,,false,false,true,2020-06-14T17:33:46.000Z,true,false,false,,2020-05-27T23:15:00.000Z,0
CVE-2020-8603,https://securityvulnerability.io/vulnerability/CVE-2020-8603,Cross-Site Scripting Vulnerability in Trend Micro InterScan Web Security Virtual Appliance,"A cross-site scripting vulnerability exists in the web interface of Trend Micro InterScan Web Security Virtual Appliance 6.5. This flaw could allow a remote attacker to execute malicious scripts in the context of affected users. To exploit this vulnerability, a user must navigate to a crafted web page or interact with a malicious file, enabling the attacker to manipulate the web interface and potentially compromise user data and security.",Trend Micro,Trend Micro Interscan Web Security Virtual Appliance,6.1,MEDIUM,0.0022700000554323196,false,,false,false,false,,,false,false,,2020-05-27T23:15:00.000Z,0