CVE-2020-8466

A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to execute certain commands by providing a manipulated password.
Configurations

Configuration 1 (hide)

cpe:2.3:a:trendmicro:interscan_web_security_virtual_appliance:6.5:sp2:*:*:*:*:*:*

History

21 Nov 2024, 05:38

Type Values Removed Values Added
References () https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/ - Exploit, Third Party Advisory () https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/ - Exploit, Third Party Advisory
References () https://success.trendmicro.com/solution/000283077 - Vendor Advisory () https://success.trendmicro.com/solution/000283077 - Vendor Advisory

Information

Published : 2020-12-17 21:15

Updated : 2024-11-21 05:38


NVD link : CVE-2020-8466

Mitre link : CVE-2020-8466

CVE.ORG link : CVE-2020-8466


JSON object : View

Products Affected

trendmicro

  • interscan_web_security_virtual_appliance
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')