Details of VAR-201608-0452

ID

VAR-201608-0452

CVE

CVE-2016-4915

TITLE

Trend Micro InterScan Messaging Security Virtual Appliance Cross-site scripting vulnerability and open redirect vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-201609-384

DESCRIPTION

Trend Micro InterScan Messaging Security Virtual Appliance is prone to the following security vulnerabilities: 1. A cross-site scripting vulnerability 2. An open-redirection vulnerability 3. Multiple security vulnerabilities An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, this may allow the attacker to steal cookie-based authentication credentials, to bypass the authentication mechanism and to launch other attacks or by constructing a crafted URI and enticing a user to follow it and when an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site. Trend Micro InterScan Messaging Security Virtual Appliance 9.0 and 8.5 are vulnerable.

Trust: 0.3

sources: BID: 92776

AFFECTED PRODUCTS

vendor:	trend micro	model:	interscan messaging security virtual appliance	scope:	eq	version:	9.0	Trust: 0.3
vendor:	trend micro	model:	interscan messaging security virtual appliance	scope:	eq	version:	8.5	Trust: 0.3
vendor:	trend micro	model:	interscan messaging security virtual appliance build	scope:	ne	version:	9.01579	Trust: 0.3
vendor:	trend micro	model:	interscan messaging security virtual appliance buld	scope:	ne	version:	8.51661	Trust: 0.3

sources: BID: 92776

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201609-384

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201609-384

PATCH

title:

Trend Micro InterScan Messaging Security Virtual Appliance Fixes for cross-site scripting vulnerabilities and open redirection vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=64178

Trust: 0.6

sources: CNNVD: CNNVD-201609-384

EXTERNAL IDS

db:	NVD	id:	CVE-2016-4915	Trust: 0.9
db:	BID	id:	92776	Trust: 0.9
db:	CNNVD	id:	CNNVD-201609-384	Trust: 0.6

sources: BID: 92776 // CNNVD: CNNVD-201609-384

REFERENCES

url:	http://www.securityfocus.com/bid/92776	Trust: 0.6
url:	http://www.trend.com	Trust: 0.3
url:	https://success.trendmicro.com/solution/1114746	Trust: 0.3

sources: BID: 92776 // CNNVD: CNNVD-201609-384

CREDITS

Spyridon Chatzimichail of OTE Hellenic Telecommunications Organization S.A

Trust: 0.9

sources: BID: 92776 // CNNVD: CNNVD-201609-384

SOURCES

db:	BID	id:	92776
db:	CNNVD	id:	CNNVD-201609-384

LAST UPDATE DATE

2022-05-04T08:56:37.885000+00:00

SOURCES UPDATE DATE

db:	BID	id:	92776	date:	2016-08-16T00:00:00
db:	CNNVD	id:	CNNVD-201609-384	date:	2017-04-19T00:00:00

SOURCES RELEASE DATE

db:	BID	id:	92776	date:	2016-08-16T00:00:00
db:	CNNVD	id:	CNNVD-201609-384	date:	2016-08-16T00:00:00