exploitDog

GHSA-r87g-pphp-cg7r

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

Описание

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a cross-site request forgery (CSRF) vulnerability which could allow an attacker to modify policy rules by tricking an authenticated administrator into accessing an attacker-controlled web page. An attacker must already have obtained product administrator/root privileges to exploit this vulnerability.

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a cross-site request forgery (CSRF) vulnerability which could allow an attacker to modify policy rules by tricking an authenticated administrator into accessing an attacker-controlled web page. An attacker must already have obtained product administrator/root privileges to exploit this vulnerability.

Ссылки

EPSS

Процентиль: 52%

0.00286

Низкий

CVE ID

Дефекты

CWE-352

Связанные уязвимости

CVE-2020-27016

CVSS3: 8.8

nvd

около 5 лет назад

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a cross-site request forgery (CSRF) vulnerability which could allow an attacker to modify policy rules by tricking an authenticated administrator into accessing an attacker-controlled web page. An attacker must already have obtained product administrator/root privileges to exploit this vulnerability.

EPSS

Процентиль: 52%

0.00286

Низкий

CVE ID

Дефекты

CWE-352