Information Disclosure Flaw in Trend Micro InterScan Messaging Security Virtual Appliance
CVE-2020-27019

5.5MEDIUM

Key Information:

Vendor
Trend Micro
Status
Trend Micro Interscan Messaging Security Virtual Appliance (imsva)
Vendor
CVE Published:
9 November 2020

Summary

The Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) version 9.1 is susceptible to an information disclosure vulnerability. This flaw allows attackers to potentially retrieve sensitive database information and cryptographic keys, which could lead to unauthorized access to confidential data. Organizations using this product should assess their systems to mitigate the risks associated with this vulnerability.

Affected Version(s)

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1

References

https://success.trendmicro.com/solution/000279833
x_refsource_MISC
https://sec-consult.com/en/blog/advisories/vulnerabilitie...
x_refsource_MISC

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.