The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

vulnerability CVE-2016-9269 CVE-2016-9314 CVE-2016-9315

Trend Micro InterScan Web Security Suite: six vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Trend Micro InterScan Web Security Suite.
Impacted products: InterScan Web Security Suite.
Severity: 3/4.
Creation date: 16/02/2017.
Revision date: 27/02/2017.
Identifiers: CVE-2016-9269, CVE-2016-9314, CVE-2016-9315, CVE-2016-9316, VIGILANCE-VUL-21870.

Description of the vulnerability

Several vulnerabilities were announced in Trend Micro InterScan Web Security Suite.

An authenticated attacker can upload a malicious file via ConfigBackup, in order for example to upload a Trojan. [severity:3/4; CVE-2016-9314]

An authenticated attacker can use the page updateaccountadministration, in order to get administator's privileges. [severity:3/4; CVE-2016-9315]

An attacker can restore a modified backup of the system configuration, in order to get root privileges on the underlying Linux. [severity:3/4; CVE-2016-9314]

An attacker can trigger a stored Cross Site Scripting, in order to run JavaScript code in the context of the web site. [severity:2/4; CVE-2016-9316]

An attacker can bypass security features via ManagePatches, in order to escalate his privileges. [severity:2/4; CVE-2016-9269]

An attacker can use a vulnerability via saveCert.imss, in order to run code. [severity:2/4]
Complete Vigil@nce bulletin.... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides a computers vulnerabilities workaround. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The Vigil@nce vulnerability database contains several thousand vulnerabilities. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications.