CVE-2017-6338
Last modified
CVE-2017-6338 is a vulnerability of currently unknown severity. Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or 'Auditor' to change FTP Access Control Settings, create or modify reports, or upload an HTTPS Decryption Certificate and Private Key. EPSS estimates a 3.92% chance of exploitation in the next 30 days.
Description
Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or 'Auditor' to change FTP Access Control Settings, create or modify reports, or upload an HTTPS Decryption Certificate and Private Key.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Trendmicro | Interscan Web Security Virtual Appliance | <= 6.5 |
References
- http://www.securityfocus.com/bid/97482 (Third Party Advisory, VDB Entry)
- https://success.trendmicro.com/solution/1116960 (Patch, Vendor Advisory)
- https://www.qualys.com/2017/01/12/qsa-2017-01-12/qsa-2017-01-12.pdf (Exploit, Technical Description, Third Party Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-6338?
How severe is CVE-2017-6338?
How do I fix CVE-2017-6338?
Source: NVD / NIST
