CyberSec.Space Logo
CVEブラウザに戻る

CVE-2020-8466

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1340%
EPSS Percentile19.40th
Published2020年12月17日
Last Modified2024年11月21日

Vulnerability Description

A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to execute certain commands by providing a manipulated password.

Affected Platforms (CPE)

📦
Trendmicro

Interscan Web Security Virtual Appliance

= 6.5

References & Advisories

🔗 https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/
🔗 https://success.trendmicro.com/solution/000283077
🔗 https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/
🔗 https://success.trendmicro.com/solution/000283077

関連する脆弱性情報

CVE-2016-92699.9

Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSV...

CVE-2020-86069.8

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to bypass authentication on...

CVE-2020-285789.8

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to...

CVE-2020-84659.8

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updat...