CyberSec.Space Logo
Back to CVE Browser

CVE-2020-27016

HIGH
8.8
CVSS Severity Score
EPSS Score0.1320%
EPSS Percentile20.86th
PublishedNov 9, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a cross-site request forgery (CSRF) vulnerability which could allow an attacker to modify policy rules by tricking an authenticated administrator into accessing an attacker-controlled web page. An attacker must already have obtained product administrator/root privileges to exploit this vulnerability.

Affected Platforms (CPE)

πŸ“¦
Trendmicro

Interscan Messaging Security Virtual Appliance

<= 9.1

References & Advisories

πŸ”— https://sec-consult.com/en/blog/advisories/vulnerabilities-in-trend-micro-interscan-messaging-security-virtual-appliance-imsva/
πŸ”— https://success.trendmicro.com/solution/000279833
πŸ”— https://sec-consult.com/en/blog/advisories/vulnerabilities-in-trend-micro-interscan-messaging-security-virtual-appliance-imsva/
πŸ”— https://success.trendmicro.com/solution/000279833

Related Vulnerabilities

CVE-2020-285789.8

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to...

CVE-2020-285798.8

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to s...

CVE-2020-276948.8

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 has updated a specific critical library that may vulnerable...

CVE-2017-63988.8

An issue was discovered in Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1-1600. An authenticated user can execut...