Detections
Analytics
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) Information Disclosure Vulnerability (1122250)
high Nessus Plugin ID 133361
Language:
Synopsis
The remote host is running an application that is affected by an information disclosure vulnerabilityDescription
According to its self-reported version, the instance of Trend Micro InterScan Web Security Virtual Appliance is affected by an information disclosure vulnerability in its web console component. An authenticated, remote attacker can exploit this, to disclose credentials of the web console administrator.Note that Nessus has not tested for this issue but has instead relied solely on the application's self-reported version number.
Solution
Upgrade to the IWSVA version 6.5 build 1852 or later.See Also
Plugin Details
Severity: High
ID: 133361
File Name: trendmicro_iwsva_1122326.nasl
Version: 1.2
Type: local
Agent: windows
Family: Windows
Published: 1/30/2020
Updated: 1/31/2020
Configuration: Enable paranoid mode
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Medium
Base Score: 4
Temporal Score: 3
Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N
CVSS Score Source: CVE-2019-9490
CVSS v3
Risk Factor: High
Base Score: 8.8
Temporal Score: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
Required KB Items: Settings/ParanoidReport, Host/TrendMicro/IWSVA/version, Host/TrendMicro/IWSVA/build
Exploit Ease: No known exploits are available
Patch Publication Date: 4/3/2019
Vulnerability Publication Date: 4/3/2019
Reference Information
CVE: CVE-2019-9490
BID: 107848