CVE-2020-27018

Published: Nov 9, 2020Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a server side request forgery vulnerability which could allow an authenticated attacker to abuse the product's web server and grant access to web resources or parts of local files. An attacker must already have obtained authenticated privileges on the product to exploit this vulnerability.

Affected (1)

Products: Trendmicro: Interscan Messaging Security Virtual Appliance

1 product

Interscan Messaging Security Virtual Appliance

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Trendmicro Interscan Messaging Security Virtual Appliance	Up to 9.1

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (4)

https://sec-consult.com/en/blog/advisories/vulnerabilities-in-trend-micro-interscan-messaging-security-virtual-appliance-imsva/

Source: security@trendmicro.com

ExploitThird Party Advisory

https://success.trendmicro.com/solution/000279833

Source: security@trendmicro.com

ExploitVendor Advisory

https://sec-consult.com/en/blog/advisories/vulnerabilities-in-trend-micro-interscan-messaging-security-virtual-appliance-imsva/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://success.trendmicro.com/solution/000279833

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

Timeline

No history available yet.