CVE-2017-6338
MEDIUM
Trendmicro Interscan Web Security Vir... - Incorrect Permission Assignment
Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or 'Auditor' to change FTP Access Control Settings, create or modify reports, or upload an HTTPS Decryption Certificate and Private Key.
Exploits (1)
References (3)
Core References
Patch, Vendor Advisory x_refsource_misc
https://success.trendmicro.com/solution/1116960
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/97482
Exploit, Technical Description, Third Party Advisory x_refsource_misc
https://www.qualys.com/2017/01/12/qsa-2017-01-12/qsa-2017-01-12.pdf
Scores
CVSS v3
6.5
EPSS
0.0101
EPSS Percentile
77.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-732
Status
published
Products (1)
trendmicro/interscan_web_security_virtual_appliance
< 6.5
Published
Apr 05, 2017
Tracked Since
Feb 18, 2026