JVNDB-2017-007422

InterScan Web Security Virtual Appliance vulnerable to code injection

Overview

InterScan Web Security Virtual Appliance provided by Trend Micro Incorporated contains a code injection vulnerability.
CVSS Severity

CVSS V3 Severity:
Base Metrics 7.2 (High) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
CVSS V2 Severity:
Base Metrics 9.0 (High) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: Single Instance
  • Confidentiality Impact: Complete
  • Integrity Impact: Complete
  • Availability Impact: Complete
Affected Products


Trend Micro, Inc.
  • TrendMicro InterScan Web Security Virtual Appliance 6.5 and earlier

Please refer to the vendor information for more details.
Impact

Arbitrary code may be executed by a user who is logged in to the management screen of the product as an administrator.
Solution

[Apply the Patch]
Apply the patch according to the information provided by the developer.
Vendor Information

Trend Micro, Inc.
CWE

CVE

  1. CVE-2017-11396
References

  1. JVN : JVNVU#90447827
  2. National Vulnerability Database (NVD) : CVE-2017-11396
Revision History

  • [2017/09/21]
      Web page was published
  • [2018/03/07]
      References : Content was added