SB2017092210 - Input validation error in InterScan Web Security Virtual Appliance

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2017092210

SB2017092210 - Input validation error in InterScan Web Security Virtual Appliance

Published: September 22, 2017 Updated: August 21, 2020

Security Bulletin ID SB2017092210
Severity
Medium
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 security vulnerability.


1) Input validation error (CVE-ID: CVE-2017-11396)

The vulnerability allows a remote privileged user to execute arbitrary code.

Vulnerability issues with the web service inspection of input parameters in Trend Micro Web Security Virtual Appliance 6.5 may allow potential attackers who already have administration rights to the console to implement remote code injections.


Remediation

Install update from vendor's website.

References