A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Trendmicro
  • Interscan Web Security Virtual Appliance

Configuration 1 [-]

cpe:2.3:a:trendmicro:interscan_web_security_virtual_appliance:6.5:*:*:*:*:*:*:*

No data.

References
Link Providers
https://success.trendmicro.com/dcx/s/solution/000298065 cve-icon cve-icon cve-icon
https://www.zerodayinitiative.com/advisories/ZDI-24-574/ cve-icon cve-icon cve-icon
History

Thu, 03 Oct 2024 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Trendmicro
Trendmicro interscan Web Security Virtual Appliance
Weaknesses CWE-79
CPEs cpe:2.3:a:trendmicro:interscan_web_security_virtual_appliance:6.5:*:*:*:*:*:*:*
Vendors & Products Trendmicro
Trendmicro interscan Web Security Virtual Appliance
cve-icon MITRE

Status: PUBLISHED

Assigner: trendmicro

Published:

Updated: 2024-08-02T03:37:04.786Z

Reserved: 2024-05-23T20:03:45.564Z

Link: CVE-2024-36359

cve-icon Vulnrichment

Updated: 2024-08-02T03:37:04.786Z

cve-icon NVD

Status : Modified

Published: 2024-06-10T22:15:11.413

Modified: 2024-11-21T09:22:01.040

Link: CVE-2024-36359

cve-icon Redhat

No data.