CVE-2020-8466
Summary
| CVE | CVE-2020-8466 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-12-17 21:15:00 UTC |
| Updated | 2021-07-21 11:39:00 UTC |
| Description | A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to execute certain commands by providing a manipulated password. |
Risk And Classification
Problem Types: CWE-78
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Trendmicro | Interscan Web Security Virtual Appliance | 6.5 | sp2 | All | All |
| Application | Trendmicro | Interscan Web Security Virtual Appliance | 6.5 | sp2 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Multiple critical vulnerabilities in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) | N/A | sec-consult.com | Exploit, Third Party Advisory |
| SECURITY BULLETIN: December 2020 Security Bulletin for Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP2 | N/A | success.trendmicro.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.