CVE-2017-11396

7.2HIGH

Key Information:

Vendor: Trend Micro
Status: Interscan Web Security Virtual Appliance
Vendor: CVE Published:; 22 September 2017

Summary

Vulnerability issues with the web service inspection of input parameters in Trend Micro Web Security Virtual Appliance 6.5 may allow potential attackers who already have administration rights to the console to implement remote code injections.

Affected Version(s)

InterScan Web Security Virtual Appliance 6.5

References

https://success.trendmicro.com/solution/1117412

x_refsource_CONFIRM

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 22, 2017
Vulnerability Reserved
Jul 17, 2017