CyberSec.Space Logo
CVEブラウザに戻る

CVE-2020-8465

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1230%
EPSS Percentile7.73th
Published2020年12月17日
Last Modified2024年11月21日

Vulnerability Description

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updates using a combination of CSRF bypass (CVE-2020-8461) and authentication bypass (CVE-2020-8464) to execute code as user root.

Affected Platforms (CPE)

📦
Trendmicro

Interscan Web Security Virtual Appliance

= 6.5

References & Advisories

🔗 https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/
🔗 https://success.trendmicro.com/solution/000283077
🔗 https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/
🔗 https://success.trendmicro.com/solution/000283077

関連する脆弱性情報

CVE-2016-92699.9

Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSV...

CVE-2020-86069.8

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to bypass authentication on...

CVE-2020-285789.8

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to...

CVE-2020-84669.8

A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hash...