The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Trend Micro InterScan Web Security: file reading via AdminUI

Synthesis of the vulnerability 

An attacker can read files via the administration Web application of Trend Micro InterScan Web Security, in order to obtain sensitive information.
Impacted software: InterScan Web Security Suite.
Severity of this computer vulnerability: 2/4.
Creation date: 07/11/2014.
Références of this announce: CVE-2014-8510, VIGILANCE-VUL-15610, ZDI-14-373.

Description of the vulnerability 

The Trend Micro InterScan Web Security product provides an administration Web application.

However, an authenticated user can insert file paths into some fields of the man machine interface, in order to get the content of any file readable by the Web server.

An attacker can therefore read files via the administration Web application of Trend Micro InterScan Web Security, in order to obtain sensitive information.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This computer vulnerability announce impacts software or systems such as InterScan Web Security Suite.

Our Vigil@nce team determined that the severity of this cybersecurity bulletin is medium.

The trust level is of type confirmed by a trusted third party, with an origin of user account.

An attacker with a expert ability can exploit this threat alert.

Solutions for this threat 

Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides computer vulnerability bulletins. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications.