The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of InterScan Web Security Suite

weakness note CVE-2019-9490

Trend Micro InterScan Web Security Virtual Appliance: information disclosure via Administrator Credential

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Administrator Credential of Trend Micro InterScan Web Security Virtual Appliance, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 08/04/2019.
Identifiers: 1122326, CVE-2019-9490, VIGILANCE-VUL-28961.


threat note CVE-2017-11396

Trend Micro InterScan Web Security: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Trend Micro InterScan Web Security, in order to make the server run arbitrary machine code.
Severity: 2/4.
Creation date: 23/05/2017.
Identifiers: 1117412, CVE-2017-11396, JVNVU#90447827, VIGILANCE-VUL-22804.


computer weakness CVE-2016-6340 CVE-2017-6338 CVE-2017-6339

Trend Micro InterScan Web Security Suite: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Trend Micro InterScan Web Security Suite, of the following types: code injection, privilege escalation, information leak and stored XSS.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 29/03/2017.
Revision dates: 30/03/2017, 31/03/2017, 03/04/2017.
Identifiers: 1116960, CVE-2016-6340, CVE-2017-6338, CVE-2017-6339, VIGILANCE-VUL-22281, ZDI-17-193, ZDI-17-194, ZDI-17-195, ZDI-17-196, ZDI-17-197, ZDI-17-198, ZDI-17-199, ZDI-17-200, ZDI-17-201, ZDI-17-202, ZDI-17-203, ZDI-17-204, ZDI-17-205, ZDI-17-206, ZDI-17-207, ZDI-17-208, ZDI-17-209, ZDI-17-210, ZDI-17-211, ZDI-17-212, ZDI-17-213, ZDI-17-214, ZDI-17-215, ZDI-17-216, ZDI-17-217, ZDI-17-218, ZDI-17-219, ZDI-17-220, ZDI-17-221, ZDI-17-222, ZDI-17-223, ZDI-17-224, ZDI-17-225, ZDI-17-226, ZDI-17-227, ZDI-17-228, ZDI-17-229, ZDI-17-230, ZDI-17-231, ZDI-17-232, ZDI-17-233.

Description of the vulnerability

An attacker can use at least 43 vulnerabilities of Trend Micro InterScan Web Security Suite, of the following types: code injection, privilege escalation, information leak and stored XSS.

security vulnerability CVE-2016-9269 CVE-2016-9314 CVE-2016-9315

Trend Micro InterScan Web Security Suite: six vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Trend Micro InterScan Web Security Suite.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 6.
Creation date: 16/02/2017.
Revision date: 27/02/2017.
Identifiers: CVE-2016-9269, CVE-2016-9314, CVE-2016-9315, CVE-2016-9316, VIGILANCE-VUL-21870.

Description of the vulnerability

Several vulnerabilities were announced in Trend Micro InterScan Web Security Suite.

An authenticated attacker can upload a malicious file via ConfigBackup, for example in order to upload a Trojan. [severity:3/4; CVE-2016-9314]

An authenticated attacker can use the page updateaccountadministration, in order to get administrator's privileges. [severity:3/4; CVE-2016-9315]

An attacker can restore a modified backup of the system configuration, in order to get root privileges on the underlying Linux. [severity:3/4; CVE-2016-9314]

An attacker can trigger a stored Cross Site Scripting, in order to run JavaScript code in the context of the web site. [severity:2/4; CVE-2016-9316]

An attacker can bypass security features via ManagePatches, in order to escalate his privileges. [severity:2/4; CVE-2016-9269]

An attacker can use a vulnerability via saveCert.imss, in order to run code. [severity:2/4]

cybersecurity alert 19684

Trend Micro InterScan Web Security Virtual Appliance: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Trend Micro InterScan Web Security Virtual Appliance.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 4.
Creation date: 23/05/2016.
Identifiers: VIGILANCE-VUL-19684, ZDI-16-348, ZDI-16-349, ZDI-16-350, ZDI-16-351.

Description of the vulnerability

Several vulnerabilities were announced in Trend Micro InterScan Web Security Virtual Appliance.

An attacker can use a vulnerability via ManagePatches, in order to run code. [severity:3/4; ZDI-16-348]

An attacker can use a vulnerability via /rest/testConfiguration, in order to run code. [severity:3/4; ZDI-16-349]

An attacker can use a vulnerability via /rest/wmi_domain_controllers, in order to run code. [severity:3/4; ZDI-16-350]

An attacker can use a vulnerability via /rest/domains, in order to run code. [severity:3/4; ZDI-16-351]

computer vulnerability note CVE-2014-8510

Trend Micro InterScan Web Security: file reading via AdminUI

Synthesis of the vulnerability

An attacker can read files via the administration Web application of Trend Micro InterScan Web Security, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 07/11/2014.
Identifiers: CVE-2014-8510, VIGILANCE-VUL-15610, ZDI-14-373.

Description of the vulnerability

The Trend Micro InterScan Web Security product provides an administration Web application.

However, an authenticated user can insert file paths into some fields of the user interface, in order to get the content of any file readable by the Web server.

An attacker can therefore read files via the administration Web application of Trend Micro InterScan Web Security, in order to obtain sensitive information.

cybersecurity alert CVE-2014-0224

OpenSSL: man in the middle via ChangeCipherSpec

Synthesis of the vulnerability

An attacker can act as a man in the middle between a client and a server using OpenSSL, in order to read or alter exchanged data.
Severity: 3/4.
Creation date: 05/06/2014.
Revision date: 05/06/2014.
Identifiers: 1676496, 1690827, aid-06062014, c04336637, c04347622, c04363613, CERTFR-2014-AVI-253, CERTFR-2014-AVI-254, CERTFR-2014-AVI-255, CERTFR-2014-AVI-260, CERTFR-2014-AVI-274, CERTFR-2014-AVI-279, CERTFR-2014-AVI-286, CERTFR-2014-AVI-513, cisco-sa-20140605-openssl, cpuoct2016, CTX140876, CVE-2014-0224, DOC-53313, DSA-2950-1, DSA-2950-2, FEDORA-2014-17576, FEDORA-2014-17587, FEDORA-2014-7101, FEDORA-2014-7102, FG-IR-14-018, FreeBSD-SA-14:14.openssl, HPSBHF03052, HPSBUX03046, JSA10629, MDVSA-2014:105, MDVSA-2014:106, MDVSA-2015:062, NetBSD-SA2014-006, openSUSE-SU-2014:0764-1, openSUSE-SU-2014:0765-1, openSUSE-SU-2015:0229-1, openSUSE-SU-2016:0640-1, RHSA-2014:0624-01, RHSA-2014:0625-01, RHSA-2014:0626-01, RHSA-2014:0627-01, RHSA-2014:0628-01, RHSA-2014:0629-01, RHSA-2014:0630-01, RHSA-2014:0631-01, RHSA-2014:0632-01, RHSA-2014:0633-01, RHSA-2014:0679-01, RHSA-2014:0680-01, SA40006, SA80, SB10075, sk101186, SOL15325, SPL-85063, SSA:2014-156-03, SSA-234763, SSRT101590, SUSE-SU-2014:0759-1, SUSE-SU-2014:0759-2, SUSE-SU-2014:0761-1, SUSE-SU-2014:0762-1, USN-2232-1, USN-2232-2, USN-2232-3, USN-2232-4, VIGILANCE-VUL-14844, VMSA-2014-0006, VMSA-2014-0006.1, VMSA-2014-0006.10, VMSA-2014-0006.11, VMSA-2014-0006.2, VMSA-2014-0006.3, VMSA-2014-0006.4, VMSA-2014-0006.5, VMSA-2014-0006.6, VMSA-2014-0006.7, VMSA-2014-0006.8, VMSA-2014-0006.9, VU#978508.

Description of the vulnerability

The OpenSSL product implements SSL/TLS, which uses a handshake.

However, by using a handshake with a ChangeCipherSpec message, an attacker can force the usage of weak keys.

An attacker can therefore act as a man in the middle between a client and a server using OpenSSL, in order to read or alter exchanged data.

cybersecurity note 11103

Trend Micro InterScan Web Security Suite: privilege elevation

Synthesis of the vulnerability

A local attacker can use the patchCmd program of Trend Micro InterScan Web Security Suite, in order to gain root privileges.
Severity: 2/4.
Creation date: 27/10/2011.
Identifiers: BID-50380, VIGILANCE-VUL-11103.

Description of the vulnerability

The Trend Micro InterScan Web Security Suite product installs the /opt/trend/iwss/data/patch/bin/patchCmd tool, which is used to patch and unpatch (rollback) a program. The patchCmd tool is installed suid root.

This tool calls the "./PatchExe.sh" and "./RollbackExe.sh" shell scripts. However, these scripts are run from the current directory. If an attacker creates malicious programs with these names in the current directory, they are executed with root privileges.

A local attacker can therefore use the patchCmd program of Trend Micro InterScan Web Security Suite, in order to gain root privileges.

security vulnerability 9726

Trend Micro InterScan Web Security: five vulnerabilities

Synthesis of the vulnerability

Five vulnerabilities of Trend Micro InterScan Web Security Virtual Appliance can be used by an attacker to read/alter information or to execute code.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 5.
Creation date: 23/06/2010.
Revision date: 02/07/2010.
Identifiers: BID-41039, BID-41072, BID-41296, CYBSEC Advisory#2010-0604, CYBSEC Advisory#2010-0605, CYBSEC Advisory#2010-0606, CYBSEC Advisory#2010-0701, VIGILANCE-VUL-9726.

Description of the vulnerability

Five vulnerabilities were announced in Trend Micro InterScan Web Security Virtual Appliance.

An attacker can use a Cross Site Request Forgery in order to alter rules or to add an administrator. [severity:3/4; BID-41039]

A local attacker can use uihelper in order to execute commands as root. [severity:2/4; BID-41072, CYBSEC Advisory#2010-0604]

An attacker can use com.trend.iwss.gui.servlet.XMLRPCcert to upload a file on the server. [severity:3/4; BID-41072, CYBSEC Advisory#2010-0605]

An attacker can use com.trend.iwss.gui.servlet.exportreport to read a file. [severity:3/4; BID-41072, CYBSEC Advisory#2010-0606]

An attacker can use "desc", "metrics__notify_body" or "metrics__notify_subject" parameters, in order to generate a Cross Site Scripting. [severity:2/4; CYBSEC Advisory#2010-0701]

cybersecurity note 8683

Trend Micro: bypassing via RAR, CAB and ZIP

Synthesis of the vulnerability

An attacker can create a RAR, CAB or ZIP archive containing a virus which is not detected by Trend Micro.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 30/04/2009.
Identifiers: BID-34763, TZO-17-2009, VIGILANCE-VUL-8683.

Description of the vulnerability

Trend Micro products detect viruses contained in RAR, CAB and ZIP archives.

However, an attacker can create a slightly malformed archive, which can still be opened by Unrar/Unzip tools, but which cannot be opened by the antivirus.

Depending on the Trend Micro product, these archives are handled in three ways:

OfficeScan and ServerProtect are vulnerable when Unrar/Unzip extracts the file on the desktop computer. These products are thus vulnerable when installed on a scan server. [severity:2/4]

InterScan Web Security Suite and InterScan Messaging Security quarantine the file by default. These products are vulnerable if the administrator changed the default configuration. [severity:2/4]

ScanMail does not indicate that the unscanned archive potentially contains a virus. This product is vulnerable in its default configuration. [severity:2/4]

An attacker can therefore create a RAR, CAB or ZIP archive containing a virus which is not detected by Trend Micro.