CyberSec.Space Logo
Back to CVE Browser

CVE-2016-9269

CRITICAL
9.9
CVSS Severity Score
EPSS Score0.1780%
EPSS Percentile6.20th
PublishedFeb 21, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to run arbitrary commands on the system as root via Patch Update functionality. This was resolved in Version 6.5 CP 1737.

Affected Platforms (CPE)

πŸ“¦
Trendmicro

Interscan Web Security Virtual Appliance

<= 6.5

References & Advisories

πŸ”— http://www.securityfocus.com/bid/96252
πŸ”— http://www.securitytracker.com/id/1037849
πŸ”— https://success.trendmicro.com/solution/1116672
πŸ”— http://www.securityfocus.com/bid/96252
πŸ”— http://www.securitytracker.com/id/1037849
πŸ”— https://success.trendmicro.com/solution/1116672

Related Vulnerabilities

CVE-2020-84659.8

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updat...

CVE-2020-86069.8

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to bypass authentication on...

CVE-2020-285789.8

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to...

CVE-2020-84669.8

A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hash...