Remote Code Injection Vulnerability in Trend Micro Web Security Virtual Appliance
CVE-2017-11396

7.2HIGH

Key Information:

Vendor: Trend Micro
Status: Interscan Web Security Virtual Appliance
Vendor: CVE Published:; 22 September 2017

Summary

A vulnerability in the Trend Micro Web Security Virtual Appliance 6.5 reveals issues with the web service's inspection of input parameters. This flaw could potentially allow attackers with administrative console access to execute malicious code remotely. Proper input validation and security measures are essential to mitigate the risk associated with this vulnerability.

Affected Version(s)

InterScan Web Security Virtual Appliance 6.5

References

https://success.trendmicro.com/solution/1117412

x_refsource_CONFIRM

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 22, 2017
Vulnerability Reserved
Jul 17, 2017