CVE-2020-8603

6.1MEDIUM

Key Information:

Vendor: Trend Micro
Status: Trend Micro Interscan Web Security Virtual Appliance
Vendor: CVE Published:; 27 May 2020

Summary

A cross-site scripting vulnerability (XSS) in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow a remote attacker to tamper with the web interface of affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Affected Version(s)

Trend Micro InterScan Web Security Virtual Appliance 6.5

References

https://www.zerodayinitiative.com/advisories/ZDI-20-675/

x_refsource_MISC

https://success.trendmicro.com/solution/000253095

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
May 27, 2020
Vulnerability Reserved
Feb 4, 2020