vendor:
InterScan Web Security Virtual Appliance
by:
SlidingWindow
6,5
CVSS
MEDIUM
Sensitive Information Disclosure Vulnerability
200
CWE
Product Name: InterScan Web Security Virtual Appliance
Affected Version From: IWSVA 6.5-SP2 Critical Patch Build 1739 and prior versions in 6.5.x series.
Affected Version To: IWSVA 6.5-SP2 Critical Patch Build 1739 and prior versions in 6.5.x series.
Patch Exists: YES
Related CWE: CVE-2017-6339
CPE: a:trend_micro:interscan_web_security_virtual_appliance:6.5
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2017
Trend Micro Interscan Web Security Virtual Appliance (IWSVA) 6.5.x Multiple Vulnerabilities
An attacker with low privileges can download current CA certificate and Private Key (either the default ones or uploaded by administrators) and use t to decrypt HTTPS traffic.
Mitigation:
Upgrade to IWSVA 6.5-SP2 Critical Patch Build 1739 or later.
