Main Vulnerability Database Vulnerabilities #VU41148

Input validation error in InterScan Web Security Virtual Appliance (IWSVA) - CVE-2014-8510

Published: November 7, 2014 / Updated: August 10, 2020

Vulnerability identifier: #VU41148

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2014-8510

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Trend Micro

Affected software:
InterScan Web Security Virtual Appliance (IWSVA)

Detailed vulnerability description

The vulnerability allows a remote #AU# to gain access to sensitive information.

The AdminUI in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) before 6.0 HF build 1244 allows remote authenticated users to read arbitrary files via vectors related to configuration input when saving filters.

How to mitigate CVE-2014-8510

Install update from vendor's website.

Sources

http://www.zerodayinitiative.com/advisories/ZDI-14-373/

Input validation error in InterScan Web Security Virtual Appliance (IWSVA) - CVE-2014-8510

Detailed vulnerability description

How to mitigate CVE-2014-8510

Sources

Please verify you're human