Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or 'Auditor' to change FTP Access Control Settings, create or modify reports, or upload an HTTPS Decryption Certificate and Private Key.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/97482 | Third Party Advisory VDB Entry |
https://success.trendmicro.com/solution/1116960 | Patch Vendor Advisory |
https://www.qualys.com/2017/01/12/qsa-2017-01-12/qsa-2017-01-12.pdf | Exploit Technical Description Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2017-04-05 16:59
Updated : 2024-02-04 19:11
NVD link : CVE-2017-6338
Mitre link : CVE-2017-6338
CVE.ORG link : CVE-2017-6338
JSON object : View
Products Affected
trendmicro
- interscan_web_security_virtual_appliance
CWE
CWE-732
Incorrect Permission Assignment for Critical Resource