Details of VAR-201608-0453

ID

VAR-201608-0453

CVE

CVE-2016-4914

TITLE

Trend Micro InterScan Messaging Security Virtual Appliance Cross-site scripting vulnerability and open redirect vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-201609-383

DESCRIPTION

Trend Micro InterScan Messaging Security Virtual Appliance is prone to the following security vulnerabilities: 1. A cross-site scripting vulnerability 2. An open-redirection vulnerability 3. Multiple security vulnerabilities An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, this may allow the attacker to steal cookie-based authentication credentials, to bypass the authentication mechanism and to launch other attacks or by constructing a crafted URI and enticing a user to follow it and when an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site. Trend Micro InterScan Messaging Security Virtual Appliance 9.0 and 8.5 are vulnerable.

Trust: 0.3

sources: BID: 92776

AFFECTED PRODUCTS

vendor:	trend micro	model:	interscan messaging security virtual appliance	scope:	eq	version:	9.0	Trust: 0.3
vendor:	trend micro	model:	interscan messaging security virtual appliance	scope:	eq	version:	8.5	Trust: 0.3
vendor:	trend micro	model:	interscan messaging security virtual appliance build	scope:	ne	version:	9.01579	Trust: 0.3
vendor:	trend micro	model:	interscan messaging security virtual appliance buld	scope:	ne	version:	8.51661	Trust: 0.3

sources: BID: 92776

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201609-383

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201609-383

PATCH

title:

Trend Micro InterScan Messaging Security Virtual Appliance Fixes for cross-site scripting vulnerabilities and open redirection vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=64177

Trust: 0.6

sources: CNNVD: CNNVD-201609-383

EXTERNAL IDS

db:	NVD	id:	CVE-2016-4914	Trust: 0.9
db:	BID	id:	92776	Trust: 0.9
db:	CNNVD	id:	CNNVD-201609-383	Trust: 0.6

sources: BID: 92776 // CNNVD: CNNVD-201609-383

REFERENCES

url:	http://www.securityfocus.com/bid/92776	Trust: 0.6
url:	http://www.trend.com	Trust: 0.3
url:	https://success.trendmicro.com/solution/1114746	Trust: 0.3

sources: BID: 92776 // CNNVD: CNNVD-201609-383

CREDITS

Spyridon Chatzimichail of OTE Hellenic Telecommunications Organization S.A

Trust: 0.9

sources: BID: 92776 // CNNVD: CNNVD-201609-383

SOURCES

db:	BID	id:	92776
db:	CNNVD	id:	CNNVD-201609-383

LAST UPDATE DATE

2022-05-04T08:56:37.864000+00:00

SOURCES UPDATE DATE

db:	BID	id:	92776	date:	2016-08-16T00:00:00
db:	CNNVD	id:	CNNVD-201609-383	date:	2017-04-19T00:00:00

SOURCES RELEASE DATE

db:	BID	id:	92776	date:	2016-08-16T00:00:00
db:	CNNVD	id:	CNNVD-201609-383	date:	2016-08-16T00:00:00