CVE-2020-8464
Summary
| CVE | CVE-2020-8464 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-12-17 21:15:00 UTC |
| Updated | 2020-12-22 17:32:00 UTC |
| Description | A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product's admin interface to users who would not normally have access. |
Risk And Classification
Problem Types: CWE-918
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Trendmicro | Interscan Web Security Virtual Appliance | 6.5 | sp2 | All | All |
| Application | Trendmicro | Interscan Web Security Virtual Appliance | 6.5 | sp2 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Multiple critical vulnerabilities in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) | N/A | sec-consult.com | Exploit, Third Party Advisory |
| SECURITY BULLETIN: December 2020 Security Bulletin for Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP2 | N/A | success.trendmicro.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.