CyberSec.Space Logo
Back to CVE Browser

CVE-2020-8466

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1340%
EPSS Percentile19.40th
PublishedDec 17, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to execute certain commands by providing a manipulated password.

Affected Platforms (CPE)

πŸ“¦
Trendmicro

Interscan Web Security Virtual Appliance

= 6.5

References & Advisories

πŸ”— https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/
πŸ”— https://success.trendmicro.com/solution/000283077
πŸ”— https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/
πŸ”— https://success.trendmicro.com/solution/000283077

Related Vulnerabilities

CVE-2016-92699.9

Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSV...

CVE-2020-86069.8

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to bypass authentication on...

CVE-2020-285789.8

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to...

CVE-2020-84659.8

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updat...